By default, the Duo post-auth script for Access Server sends a passcode instead of push notifications, and some customers prefer to receive push notifications.
- Go to your OpenVPN Access Server CLI.
- Change to the directory where you have the "duo_openvpn_as.py" file (most likely in "/usr/local/openvpn_as/scripts/").
- Edit this file using the "nano" command like this:
- Find the line "AUTOPUSH = False" and change it to "AUTOPUSH = True" as in the last line in the example below:
root@openvpn-access-server:/usr/local/openvpn_as/scripts# nano duo_openvpn_as.py
# Set AUTOPUSH to True to automatically prompt the user's default 2FA device.
# This will remove any user prompts for factor selection.
AUTOPUSH = True
- Press ctrl+x, then press y, and then press enter, to save and exit the file.
- Use the below command to load the duo file again with the changes:
sudo su cd /usr/local/openvpn_as/scripts
./sacli --key "auth.module.post_auth_script" --value_file="/usr/local/openvpn_as/scripts/duo_openvpn_as.py" ConfigPut
- Reload the service to commit the changes:
Now you can test push notifications to your cell phone by signing in again to Access Server.
If you have additional questions please submit a ticket.