Sophos Ideas

Do you have an idea for a Sophos product? Do you recognize a good idea when you see one? We want to hear from you!

Duo_on_UTM

My feedback

  1. 48 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    11 comments  ·  SG UTM » Authentication  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    Duo_on_UTM commented  · 

    If anyone wants exact specifics, or if you want to take a shortcut and just grab pre-compiled stuff, I'll post this on the astaro forum.

    An error occurred while saving the comment
    Duo_on_UTM commented  · 

    I was able to integrate DuoSec's openvpn plugin into my UTM 9.315-2 install. It requires building the plugin on an arch-similar platform; I used SLED 11 SP4. The plugins are all compiled as 32-bit ELF binaries, so make sure you include the -m32 cflag when building. Also, you'll need to make some edits to the duo_openvpn.c file prior to compiling, due to openvpn running in a chroot on the UTM. The path to the duo_openvpn.py script needs to be a static path that exists within the chroot. Also, since the openvpn chroot doesn't have the python binary or any of the associated libraries, they need to be copied/linked into the chroot as well. I used a bind mount for the python libraries, and just copied the python binary directly. Lastly, you'll have to edit the openvpn.conf-default file and comment out the utm plugin (it won't work with the duosec plugin), and insert the duo plugin info.

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.