Sophos Ideas

Do you have an idea for a Sophos product? Do you recognize a good idea when you see one? We want to hear from you!

Duo_on_UTM

My feedback

  1. 47 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    11 comments  ·  SG UTM » Authentication  ·  Flag idea as inappropriate…  ·  Admin →
    Duo_on_UTM commented  · 

    If anyone wants exact specifics, or if you want to take a shortcut and just grab pre-compiled stuff, I'll post this on the astaro forum.

    Duo_on_UTM commented  · 

    I was able to integrate DuoSec's openvpn plugin into my UTM 9.315-2 install. It requires building the plugin on an arch-similar platform; I used SLED 11 SP4. The plugins are all compiled as 32-bit ELF binaries, so make sure you include the -m32 cflag when building. Also, you'll need to make some edits to the duo_openvpn.c file prior to compiling, due to openvpn running in a chroot on the UTM. The path to the duo_openvpn.py script needs to be a static path that exists within the chroot. Also, since the openvpn chroot doesn't have the python binary or any of the associated libraries, they need to be copied/linked into the chroot as well. I used a bind mount for the python libraries, and just copied the python binary directly. Lastly, you'll have to edit the openvpn.conf-default file and comment out the utm plugin (it won't work with the duosec plugin), and insert the duo plugin info.

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.