Closed: amccre closed 3 years ago
Hi,
As I have seen from openfortivpn, there is already an "otp-prompt" var where you can define the search string for the OTP prompt. I will include this option in OpenFortiGUI, so this should solve this problem.
Thanks, that's great! Looking forward to trying it out.
Hi,
There are now developer builds available for Debian/Ubuntu from the latest master branch, maybe you want to give it a try: https://apt.iteas.at/iteas-dev/pool/main/o/openfortigui/
I installed developer build "openfortigui_99.9.1056-1_amd64_bionic.deb". I tried adding the text below to the main.conf and also to the
How do I go about defining the variable "otp-prompt"?
The best way is to define it via the GUI in your VPN profile settings. The parameter is "otp_prompt" in your VPN profile in the [options] category.
Ok, I tried the various settings, but never see an OTP prompt. Even with "Always ask for OTP" set. Have tried with 99.9.1052-1 & 99.9.1056-1.
The OTP prompt should definitely come up. Are you sure it's not in the background or something?
No, it is not there anywhere. It goes immediately back to "Disconnected" after trying to connect.
Here is the log:
INFO: Start tunnel.
DEBUG: server_addr: 216.151.27.50
DEBUG: server_port: 10443
DEBUG: gateway_addr: 216.151.27.50
DEBUG: gateway_port: 10443
DEBUG: Setting cipher list to: HIGH:!aNULL:!kRSA:!PSK:!SRP:!MD5:!RC4
DEBUG: Gateway certificate validation succeeded.
INFO: Connected to gateway.
INFO: Delaying OTP by 3 seconds...

May 31 11:31:57 openfortiGUI::Debug: "start-main::"
May 31 11:31:57 openfortiGUI::Warning: QMetaObject::connectSlotsByName: No matching signal for on_btnAddVPN_clicked()
May 31 11:31:57 openfortiGUI::Warning: QMetaObject::connectSlotsByName: No matching signal for on_btnDeleteVPN_clicked()
May 31 11:31:57 openfortiGUI::Warning: QMetaObject::connectSlotsByName: No matching signal for on_btnEditVPN_clicked()
May 31 11:31:57 openfortiGUI::Warning: QMetaObject::connectSlotsByName: No matching signal for on_btnCopyVPN_clicked()
May 31 11:31:57 openfortiGUI::Warning: QMetaObject::connectSlotsByName: No matching signal for on_btnAddGroup_clicked()
May 31 11:31:57 openfortiGUI::Warning: QMetaObject::connectSlotsByName: No matching signal for on_btnDeleteGroup_clicked()
May 31 11:31:57 openfortiGUI::Warning: QMetaObject::connectSlotsByName: No matching signal for on_btnEditGroup_clicked()
May 31 11:31:57 openfortiGUI::Warning: QMetaObject::connectSlotsByName: No matching signal for on_btnCopyGroup_clicked()
May 31 11:31:57 openfortiGUI::Warning: QObject::connect: No such signal vpnLogger::finished()
May 31 11:31:57 openfortiGUI::Warning: QObject::connect: No such signal vpnLogger::finished()
May 31 11:31:58 openfortiGUI::Debug: tiConfVpnProfile::readVpnProfiles() -> vpnprofile found: "/home/xxxxxx/.openfortigui/vpnprofiles/xxxxxx.conf"
May 31 11:31:58 openfortiGUI::Debug: MainWindow::refreshVpnProfileList() -> vpnprofiles found:: "xxxxxx"
May 31 11:31:58 openfortiGUI::Warning: inotify_add_watch("/etc/openfortigui/vpnprofiles") failed: "No such file or directory"
May 31 11:31:58 openfortiGUI::Debug: tiConfVpnProfile::readVpnProfiles() -> vpnprofile found: "/home/xxxxxx/.openfortigui/vpnprofiles/xxxxxx.conf"
May 31 11:32:02 openfortiGUI::Debug: start vpn: "xxxxxx" active-tab:: 0
May 31 11:32:02 openfortiGUI::Debug: Start vpn:: "xxxxxx"
May 31 11:32:02 openfortiGUI::Debug: add logger "/home/xxxxxx/.openfortigui/main.conf"
May 31 11:32:02 openfortiGUI::Debug: tiConfVpnProfile::readVpnProfiles() -> vpnprofile found: "/home/xxxxxx/.openfortigui/vpnprofiles/xxxxxx.conf"
May 31 11:32:02 openfortiGUI::Debug: "start-vpn process::" "xxxxxx"
May 31 11:32:02 openfortiGUI::Debug: "start-vpn process::config_file::" "/home/xxxxxx/.openfortigui/main.conf"
May 31 11:32:02 openfortiGUI::Debug: vpnManager::onClientConnected()
May 31 11:32:02 openfortiGUI::Debug: client api helo command:: 0 ::name:: "xxxxxx"
May 31 11:32:02 openfortiGUI::Debug: tiConfVpnProfile::readVpnProfiles() -> vpnprofile found: "/home/xxxxxx/.openfortigui/vpnprofiles/xxxxxx.conf"
May 31 11:32:02 openfortiGUI::Debug: vpnWorker::process::slot
May 31 11:32:03 openfortiGUI::Debug: 1590949923019 bytes avail:: 22
May 31 11:32:03 openfortiGUI::Debug: vpnProcess::onObserverUpdate::status_update "xxxxxx" state 1
May 31 11:32:03 openfortiGUI::Debug: vpnProcess::onObserverUpdate::status_update2 "xxxxxx" state 1
May 31 11:32:03 openfortiGUI::Debug: vpnManager::onClientVPNStatusChanged() "xxxxxx" status 1
May 31 11:32:03 openfortiGUI::Debug: MainWindow::onClientVPNStatusChanged:: "xxxxxx" ::status:: 1
May 31 11:32:11 openfortiGUI::Debug: 1590949931081 bytes avail:: 276
May 31 11:32:11 openfortiGUI::Debug: 1590949931482 bytes avail:: 37
May 31 11:32:15 openfortiGUI::Debug: client disconnected:: "xxxxxx"
May 31 11:32:15 openfortiGUI::Debug: vpnManager::onClientVPNStatusChanged() "xxxxxx" status 0
May 31 11:32:15 openfortiGUI::Debug: MainWindow::onClientVPNStatusChanged:: "xxxxxx" ::status:: 0
May 31 11:32:15 openfortiGUI::Debug: VPN process "xxxxxx" error occurred!
May 31 11:32:15 openfortiGUI::Debug: VPN process "xxxxxx" finished!
There was a bug with "always otp" when not using a system password manager. Maybe you can try again?
I am unable to use two factor authentication because the wording of the challenge sent from our RADIUS server is different than what the code is looking for.
Our server responds with: Please enter token code
The openfortigui looks for 3 different things it appears (vpnlogger.cpp):
if(toLog.contains("2factor authentication token:") || toLog.contains("Two-factor authentication") || toLog.contains("one-time password"))
Since the response text really could be anything, would it be possible to make additional items to search for configurable in the VPN profile? Or if not that, could it be added to the main.conf file?
Also, I couldn't find anything in the logs with debug turned on where this text would be logged. I found it by connecting using the command line with openfortivpn.
Thanks,
Aaron
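The request above, as an added example that is not OpenFortiGUI's own code: the three hard-coded substrings quoted from vpnlogger.cpp are kept, and a per-profile `otp_prompt` read from the `[options]` section is matched in addition. The INI-style parsing, the function names `readOtpPrompt` and `isOtpPrompt`, and the sample profile text are assumptions made for illustration.

```cpp
#include <iostream>
#include <sstream>
#include <string>
#include <vector>

// The three substrings quoted in the post from vpnlogger.cpp.
static const std::vector<std::string> kBuiltinPrompts = {
    "2factor authentication token:", "Two-factor authentication", "one-time password"};

static std::string trim(const std::string &s) {
    const char *ws = " \t\r\n";
    std::size_t b = s.find_first_not_of(ws);
    if (b == std::string::npos) return "";
    return s.substr(b, s.find_last_not_of(ws) - b + 1);
}

// Read otp_prompt from the [options] section of an INI-style profile
// (assumed layout). Returns "" when the key is absent or empty.
std::string readOtpPrompt(const std::string &profileText) {
    std::istringstream in(profileText);
    std::string line, section;
    while (std::getline(in, line)) {
        line = trim(line);
        if (line.empty() || line[0] == ';' || line[0] == '#') continue;
        if (line.front() == '[' && line.back() == ']') {
            section = line.substr(1, line.size() - 2);
            continue;
        }
        std::size_t eq = line.find('=');
        if (section == "options" && eq != std::string::npos &&
            trim(line.substr(0, eq)) == "otp_prompt")
            return trim(line.substr(eq + 1));
    }
    return "";
}

// True when a log line contains a built-in prompt or the configured one.
bool isOtpPrompt(const std::string &logLine, const std::string &custom) {
    for (const auto &p : kBuiltinPrompts)
        if (logLine.find(p) != std::string::npos) return true;
    // An empty custom prompt must never match: find("") succeeds on every line.
    return !custom.empty() && logLine.find(custom) != std::string::npos;
}

int main() {
    // Constructed sample profile; the prompt text is the RADIUS wording from the post.
    std::string custom = readOtpPrompt("[options]\notp_prompt=Please enter token code\n");
    std::cout << isOtpPrompt("Please enter token code", custom) << "\n";
    return 0;
}
```

Without the empty-string guard, a profile that leaves `otp_prompt` blank would treat every log line as an OTP challenge.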