totp_opnsense

THIS README IS INVALID AND NEEDS TO BE FIXED

This is designed to take OTP information from an OPNsense config file and generate QR codes for end users to enter into an authenticator app. It is designed to be used with multiple routers, so the router name is included in the identification: mary on router-a and mary on router-b will have different entries and, probably, different OTP keys.

This is totally offline. You export an OPNsense configuration file, then run the Perl script processOPNSense.pl against it. processOPNSense.pl will create a tab-separated file containing

It will also take the otp key and create a QR Code file (.png).

After that, any user running index.php will have the opportunity to enter their username, password and router. Assuming the user is found in the TSV, the QR code and the OTP key will be displayed on the web page.

Tested on

Process

  1. Export the OPNsense configuration (System | Configuration | Backups | Download)
  2. Run processOPNSense.pl configfilename routername
     - configfilename is the name of the configuration file created in step 1
     - routername is the name of the router. It:
       1. Can be any arbitrary text, but should be consistent across calls
       2. Is stored in the CSV as the first column, allowing user1 to have entries for more than one router
       3. Is used in the QR code file name
       4. Causes old entries to be cleaned up when a new config file is processed in future with the same router name
       5. Is used to populate the router selector in the login field of the PHP script
  3. Give users access to index.php

User will then access index.php and put in their username, password and router. When they submit the form, the QR Code will be displayed if the information matches.
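The core of step 2, as an added example that is not the project's Perl script: pull the per-user TOTP seeds out of the `<system><user>` entries of an OPNsense config.xml, then rebuild the router's rows so an old export for the same router name is replaced while other routers' rows survive. The sample config and its seeds are constructed test values, the TSV column order (router, user, seed) and the `user@router` label in the otpauth URI are this example's own choices, and Python is used here instead of the project's Perl.

```python
import csv
import io
import xml.etree.ElementTree as ET

# Constructed sample of the <system><user> section of an OPNsense config.xml.
# The seeds are made-up test values, not real secrets.
SAMPLE_CONFIG = """<opnsense><system>
<user><name>mary</name><otp_seed>JBSWY3DPEHPK3PXP</otp_seed></user>
<user><name>bob</name></user>
<user><name>alice</name><otp_seed>GEZDGNBVGY3TQOJQ</otp_seed></user>
</system></opnsense>"""


def extract_otp_users(config_xml):
    """Return {username: otp_seed} for users that have a TOTP seed configured."""
    root = ET.fromstring(config_xml)
    users = {}
    for user in root.findall("./system/user"):
        name = user.findtext("name")
        seed = user.findtext("otp_seed")
        if name and seed:  # users without a seed (bob) have no OTP to hand out
            users[name] = seed.strip()
    return users


def merge_router_entries(existing_rows, router, users):
    """Drop every row for `router` and append the freshly extracted users.

    Rows are (router, username, seed). Rows for other routers are kept, so the
    same username can have one entry per router.
    """
    kept = [row for row in existing_rows if row[0] != router]
    fresh = [(router, name, seed) for name, seed in sorted(users.items())]
    return kept + fresh


def to_tsv(rows):
    """Serialise the rows as the tab-separated file index.php looks up."""
    buf = io.StringIO()
    csv.writer(buf, delimiter="\t", lineterminator="\n").writerows(rows)
    return buf.getvalue()


def otpauth_uri(router, user, seed, issuer="OPNsense"):
    """Key URI for the QR code; the router is part of the label so that
    mary@router-a and mary@router-b stay distinct in the authenticator."""
    return f"otpauth://totp/{issuer}:{user}@{router}?secret={seed}&issuer={issuer}"
```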

Security

These scripts are insecure. The OTP secret key is freely available to attackers with minimal effort. If the OTP key is discovered for a particular user, security for that account is degraded significantly (the OTP is totally bypassed).

As such, it is recommended that the created data (QR codes, CSV file) be treated as sensitive information and kept internal (on a secure LAN). Increased security can be achieved through (in increasing order of difficulty)