OpenVPN on linux as client to Cisco VPN using MS 2FA

rmf · Post by **rmf** » Wed Mar 16, 2022 8:02 pm

I've been usinng openconnect (OpenVPN client on Ubuntu) for many years without a hitch, in order to connect my Ubuntu server with the university's network. On the university side, thy use a Cisco VPN server. Now they want to enable what they call two step authentication. This requires sending a tokent (OTP, SMS code, etc) after entering the name and password.

However, I could not get this to work - mainly because I lack the knowledge on how this is to be handled by openVPN. I can use the google OTP generator, or even better, the MicroSoft OTP generator (which is recommended) to generate the token, or I can have one sent by SMS.

But I just can't find any step by step instructions on what to do to get that working. I know from the manual that openconnect has the --token-mode and --token-secret options, but I can't get that properly configured.

Has anyone achieved this and is willing to share his/her knowledge?

Thanks in advance
Robert

Post by **Pippin** » Wed Mar 16, 2022 8:06 pm

Openconnect is not OpenVPN.

The protocols are incompatible.
.

TinCanTech · Post by **TinCanTech** » Wed Mar 16, 2022 8:43 pm

Ask the university for your client file.

Post by **openvpn_inc** » Sat Mar 19, 2022 9:25 pm

Hi Robert,

Both Microsoft Authenticator and Google's are TOTP services, usually interchangeable. But of course as Pippin pointed out (as does the FAQ at the wiki!) OpenVPN can't connect to ipsec, and vice versa.

regards, rob0

OpenVPN Support Forum

OpenVPN on linux as client to Cisco VPN using MS 2FA

OpenVPN on linux as client to Cisco VPN using MS 2FA

Re: OpenVPN on linux as client to Cisco VPN using MS 2FA

Re: OpenVPN on linux as client to Cisco VPN using MS 2FA

Re: OpenVPN on linux as client to Cisco VPN using MS 2FA