We have a pretty standard OpenVPN setup for some of our users. One of them just got a new phone, and although the transfer brought over his Google Authenticator app and the code still shows, it no longer works with OpenVPN. This article explains how to resolve this.
Easy, I thought – we just need that QR code which adds OpenVPN into the Google Authenticator app, and he’ll be back up and running. Wrong.
It seems that once the user is up and running, because Authenticator is tied to the device, it still thinks it’s ready for action on the old device, and so there is no way to display the original QR code.
So, the user account within OpenVPN needs its authentication reset. This tells OpenVPN to display a new QR code, and the app can then be configured correctly.
It’s simple enough – SSH into the OpenVPN system, then type the following, replacing <USERNAME> with the login ID of the user you wish to reset:
sudo ./sacli --user <USERNAME> GoogleAuthRegen