OpenVPN and privacyIDEA Push Token

Hi,
is there any way to use OpenVPN and privacyIDEA Push Tokens?
OpenVPN can use RADIUS, or PAM for user authentication.

It’s not possible to use RADIUS (see “Testing privacyIDEA Push Token”), so I’m using https://github.com/privacyidea/pam_python

But there is the same problem. I enter the username and PIN at the OpenVPN connect prompt. After that, OpenVPN crashes with the error AUTH: Received control message: AUTH_FAILED.

In OpenVPN server config I have:

plugin /usr/lib/x86_64-linux-gnu/openvpn/plugins/openvpn-plugin-auth-pam.so openvpn

and /etc/pam.d/openvpn:

auth    [success=1 default=ignore]      pam_python.so /opt/pam_python/privacyidea_pam.py url=https://ovpn-mfa.example.net/ prompt=privacyIDEA_Authentication
auth    requisite           pam_deny.so
auth    required            pam_permit.so
session sufficient          pam_permit.so
account sufficient          pam_permit.so

logs:

# /var/log/openvpn.log
AUTH-PAM: BACKGROUND: user 'pokus' failed to authenticate: Authentication failure
Wed Feb 12 12:49:38 2020 1.2.3.4:53358 PLUGIN_CALL: POST /usr/lib/x86_64-linux-gnu/openvpn/plugins/openvpn-plugin-auth-pam.so/PLUGIN_AUTH_USER_PASS_VERIFY status=1
Wed Feb 12 12:49:38 2020 1.2.3.4:53358 PLUGIN_CALL: plugin function PLUGIN_AUTH_USER_PASS_VERIFY failed with status 1: /usr/lib/x86_64-linux-gnu/openvpn/plugins/openvpn-plugin-auth-pam.so
Wed Feb 12 12:49:38 2020 1.2.3.4:53358 TLS Auth Error: Auth Username/Password verification failed for peer

# tail -f /var/log/auth.log
Feb 12 12:49:38 ovpn-mfa openvpn: offline check returned: False, None
Feb 12 12:49:38 ovpn-mfa openvpn: requests > 1.0
Feb 12 12:49:38 ovpn-mfa openvpn: Prompting for challenge response
Feb 12 12:49:38 ovpn-mfa openvpn: requests > 1.0

Is it possible to use OpenVPN and privacyIDEA Push Tokens? @cornelinux

Thanks.

The only option would be https://privacyidea.readthedocs.io/en/latest/policies/authentication.html#push-wait

Hi Tuxmartin,

Have you resolved this? We are getting the same issue and the push-wait doesn’t seem to solve it.

Thanks

No :frowning:
I still don’t know how to solve it.
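
Added example, not written by anyone in this thread and not privacyIDEA or OpenVPN project code: it correlates the two logs quoted in the first post so that failed OpenVPN logins where the PAM module prompted for a challenge response can be told apart from plain rejections. The function names, cause labels and 5-second matching window are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample input, abridged from the log lines quoted in the first post.
OPENVPN_LOG = """\
AUTH-PAM: BACKGROUND: user 'pokus' failed to authenticate: Authentication failure
Wed Feb 12 12:49:38 2020 1.2.3.4:53358 TLS Auth Error: Auth Username/Password verification failed for peer
"""
AUTH_LOG = """\
Feb 12 12:49:38 ovpn-mfa openvpn: offline check returned: False, None
Feb 12 12:49:38 ovpn-mfa openvpn: Prompting for challenge response
"""

PAM_FAIL = re.compile(r"^AUTH-PAM: BACKGROUND: user '([^']*)' failed to authenticate")
TLS_FAIL = re.compile(r"^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) (\S+) "
                      r"TLS Auth Error: Auth Username/Password verification failed")
CHALLENGE = re.compile(r"^(\w{3} [ \d]\d \d\d:\d\d:\d\d) \S+ openvpn(?:\[\d+\])?: "
                       r"Prompting for challenge response")


def challenge_times(auth_log, year):
    """Timestamps at which the PAM module asked for a challenge response."""
    # syslog lines carry no year, so borrow it from the OpenVPN timestamp
    return [datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            for m in map(CHALLENGE.match, auth_log.splitlines()) if m]


def classify_failures(openvpn_log, auth_log, window=timedelta(seconds=5)):
    """Label each failed OpenVPN login by whether PAM prompted for a challenge."""
    findings, user = [], None
    for line in openvpn_log.splitlines():
        if m := PAM_FAIL.match(line):
            user = m.group(1)  # line has no timestamp; attach to the next failure
        elif m := TLS_FAIL.match(line):
            when = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
            prompted = any(abs(when - t) <= window
                           for t in challenge_times(auth_log, when.year))
            findings.append({"user": user, "peer": m.group(2), "time": when,
                             "cause": "challenge_prompted" if prompted
                                      else "no_challenge"})
            user = None
    return findings


if __name__ == "__main__":
    for finding in classify_failures(OPENVPN_LOG, AUTH_LOG):
        print(finding)
```
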