VPN and 2FA setup

NethServer Version: 7.9.2009
Module: Users & Groups, VPN

Hi all,
Very new to Nethserver. I spotted it whilst trying (and failing) to configure a Zentyal email server, and I have found that Nethserver has many advantages that Zentyal lacks, so I have started looking at it this week for use within my company. From what I see so far it will be very useful.
I have got to the point of looking at VPN (OpenVPN) and I notice that I have the option to use “Username, OTP and Certificate”, and have run into trouble.

I have my account provider set to Local LDAP and have set my user settings page as active.
I have set the VPN to use “Username, OTP and Certificate” and added my standard user to the list of Roadwarrior accounts.
Then, when I go into the user settings page for a standard user and select Enable 2FA for user mark, the QR code appears. I scan the QR code with FreeOTP on my iPhone and get a code, but when I put the code in I just get the error “Validation failed: Verification code is not valid.”
I assumed this may have been because of LDAP and changed over to Active Directory, but to no avail.

I have disabled all of my firewall rules in case it was this, but this also had no effect.

Is there anything that might cause this?

Thanks in advance

Hi,

and welcome to Nethserver Community.

It’s working here with LDAP and an Android phone. It’s not necessary to change firewall settings to use OTP.

The code is valid just for a short time, then a new code is generated and the old one isn’t valid anymore. Please check that you enter the code in time.

Check the time of your server; we need them synchronized.

3 Likes

@mrmarkuz Are there any special steps you took, or is there any way you could outline what you did, please?
I have downloaded the app on my Android phone (Samsung Galaxy Note 10 5G+) but the same thing happens. I put the code in whilst the wheel is still about 75% full, so it is in time.

@stephdl I have checked my server and it is on NTP. Comparing to the phone, it’s the same time, but the code still shows the same error message as above.

Could I be doing something wrong?
Steps I have taken:
1 Install Nethserver
2 Set Ethernet port 1 to RED with an external IP address and Ethernet port 2 to green with an internal IP address
3 Install applications from the software centre (antivirus, bandwidth monitor, email, fail2ban, file server, firewall, IPS, Restore data, SOGo, Threat shield, VPN, Web Proxy, Web Server, WebMail, Webtop), then run the update all button at the top of the page
4 Go to Users & Groups and set up LDAP with users mark and maria
5 Go to settings and enable the user settings page
6 Go to VPN > OVPN Roadwarrior, create my VPN and edit the settings to use auth mode Username, OTP and Certificate, input my public IP as per the RED interface above and change the DHCP DNS to the green interface above
7 Go to the User settings page, turn on 2FA and scan the QR code with my phone, then get the above error.

Did you add an account to connect to the VPN?

Did you enable Threat Shield or IPS? If yes, please disable them and test again. Maybe they are blocking the OTP request.

I have added my user account mark to the VPN.

I have now removed Threat Shield and IPS entirely (as this is all currently for test purposes, they are not needed) and rebooted the server.
I have gone back into the user page and still get the error “Validation failed: Verification code is not valid.”

Could there be any hardware reason?
I am using an AMD FX™-8150 Eight-Core Processor x 8 with 8 GB RAM and a second PCI Ethernet adapter installed.

What is the browser you use, please?

Few chances

I am using Mozilla Firefox

No idea why it doesn’t work; it seems something weird.

FreeOTP and Firefox are a good choice; you could test with Chrome.

I have this morning decided to use different hardware and install a new copy of Nethserver.
I have only installed what I will be testing (email, file server, firewall, SOGo, web proxy & filter) and left them all at their unconfigured defaults, installed LDAP with standard users mark and maria and set mark as a VPN user, then tried to use 2FA on the user page and still get the error.

I cannot see where this is going wrong, yet I am still eager to get it working.

Not tested with a simple user from LDAP, but I tested it today with the root user of my VM, and it simply works. Scan the QR code with FreeOTP and fill in the validation code that you retrieve from the application.

The only known issue is if the time is not retrieved by NTP (time not synchronized on the two sides).

1 Like