Unable to load duo_openvpn.so in OpenVpn server v. 2.4.6

I recently built and installed the duo_openvpn.so plugin on my openvpn server (version 2.4.6) and after installation/configuration of the plugin I am getting the following error on startup of openvpn:

openvpn[2547]: Options error: Unrecognized option or missing or extra parameter(s) in /tmp/openvpn/openvpn.conf:33: plugin (2.4.6)

This line (#33) that generated this error in the openvpn.conf is as follows:
plugin /opt/duo/duo_openvpn.so ‘xxxxx yyyyyy zzzzzzzzz’

I saw that there was an error using this syntax with OpenVpn (v2.4.1-2)

Reference posting here:
(Latest OpenVPN Update (v2.4.1-2) Breaks duo_openvpn.so)
and the solution there was to enclose the 3 keys for the plugin in single quotes ’ '. Is this a known issue with OpenVpn 2.4.6 and is there any workaround for this error?

I also followed the setup guide here:

and I have tried using double quotes and no-quotes but the error is the same after restarting the openvpn server. Because of this error, openvpn server fails to start and I have commented out loading of the duo plugin for now.

Let me know if this should be investigated further with Support/Engineering.

Thank you!


Hi JohnB,

An error to start the OpenVPN service with the above resulting error typically means there is an issue with the syntax of the config file, as you have noted. I haven’t been able to reproduce the error that you are seeing so I am curious though for more details. What OS are you currently running with specific version?

If you want to get more immediate help, the Duo Support Team is always at your disposal as well via phone, email, or chat. Check out, Support | Duo Security, for the details.

Hi Landon,
I did some additional investigation and the error was caused by my OpenVpn server compiled without the ‘enable_plugin’ runtime option.
I was able to install a different OpenVpn version with this option enabled and the Duo plugin with the same security key/API ID syntax worked as expected.

NOTE: I was able to use this plugin on an ARM-based Netgear R7000 router using Python and libpam dev. tools to compile it.