Google Authenticator, and (all?) other rotating-pin multi-factor authentication systems, rely on the clock on the token device (in this case your smart-phone or tablet) and the authenticating system (in this case the OpenVPN server). If the clocks are different by more than a few seconds or so, it will break your authentication.
NOTE: Differences in Time Zones don’t matter, the actual clock accuracy for the given time-zone does. But your authenticating device and your authenticating server can be set for two different time zones and that shouldn’t matter.
NTP is the answer. NTP stands for “Network Time Protocol” – you know, the army has a giant atomic clock that keeps perfect time and everyone can sync to it if they want… Similar idea. NTP servers offer a free service that allows other servers to sync their clocks to them. Out of the box, most cell phones and tablets already have this functionality built-in and working and periodically will adjust their clocks. But ubuntu (and probably many other linux distros) don’t necessarily have this service, or it doesn’t work as often as you might need it. (like it only checks at boot-up… and it is a linux server so honestly, how often is it really going to get rebooted?… I love linux…). So, doing a little work on the front-end might save you some head-scratching later on…
On your Ubuntu box we are going to install a simple time-sync tool which should do the trick. I am pulling this info from: https://help.ubuntu.com/13.10/serverguide/NTP.html. That guide is excellent and hits all the high points. If you want more info, check it out.
The only thing I would add is that prior to installing it you might want to force a manual sync of your server with this command:
ntpdate is the application that comes with ubuntu and performs a one-time sync at each bootup. The above command forces this app to perform an immediate manual sync with server ntp.ubuntu.com.
Once you have done that you can follow the ubuntu guide, or just look at the relevant commands I pulled from it below…
Here is the gist of it…
and if you need to reload it at some point:
The configuration file is located at: /etc/ntp.conf if you have some need to make things harder than they need to be :)…. some odd situations actually may require some more configuration. I will note that when it comes to security some audits require that you sync all servers to ONLY an INTERNAL time server on your network. If that is the case, you can manually define what servers ntpd uses in the conf file and that would be a legitimate reason for toying about :).
Anyhow, it took me like 4 searches to find the info I needed on NTP (which is fairly simple stuff) and there is a lot of useless junk in the top Google search results so hopefully this will help some folks get where they are going a bit faster.