On 2019-08-20 20:03, Daniel Lenski wrote:
> On Fri, Aug 16, 2019 at 3:15 AM Simon Fredriksson <simon@xxxxxxxxx> wrote:
>> Can OpenConnect be configured to connect to AnyConnect server, then wait
>> for an OTP to be sent via phone text message?
>
> I assume you're referring to OpenConnect (the client) rather than
> ocserv (the server) here?
>
> If so… the answer is, "yes, it just works." Have you tried it and
> encountered some specific problem?
>
> I frequently connect to a Cisco VPN that works in exactly this way:
>
> 1. openconnect/Cisco AnyConnect fetches the initial login form
> 2. Fill out form, submit username and password
> 3. Server sends form with secondary password/OTP field
> 4. Server sends OTP code to me via SMS <10-30 seconds delay>
> 5. I fill out the OTP form and submit
> 6. Tunnel initiated
>
> -Dan

I managed to script it using Expect, looking like this:
--
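#!/usr/bin/expect -f
# Wait indefinitely for each prompt.
set timeout -1
# Start openconnect; the backslash continues the command onto the next line.
spawn openconnect --pid-file=/tmp/tun69.pid --interface=tun69 \
    --script=/usr/share/vpnc-scripts/vpnc-script vpn.example.com
match_max 100000
# Select the OTP authentication group.
expect -exact "GROUP: \[aa-vpn-certificate|aa-vpn-local|aa-vpn-otp\]:"
send -- "aa-vpn-otp\r"
# Submit the username and the static password.
expect -exact "Username:"
send -- "myUserName\r"
expect -exact "Password:"
send -- "mySecretPassword\r"
# At the OTP prompt, hand control to the user to type the code.
expect -exact "Response:"
interact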
--
Then the last step would be to just enter the OTP from my phone.
_______________________________________________
openconnect-devel mailing list
openconnect-devel@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/openconnect-devel
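
A variant of the script above that keeps the account password out of the script source and gives up if a prompt never appears, added here as an example and not part of the original post. The password file path, the 60-second timeout and the helper names `read_secret` and `answer` are assumptions.

```tcl
#!/usr/bin/expect -f
# Added example, not from the original post. Assumed names: the pwfile path,
# read_secret, answer, and the 60-second prompt timeout.
set pwfile "$env(HOME)/.config/openconnect/password"

# Return the first line of a file that only its owner can access.
proc read_secret {path} {
    file stat $path st
    if {($st(mode) & 0o077) != 0} {
        puts stderr "$path: group/other permission bits set, expected 0600"
        exit 1
    }
    set fh [open $path r]
    set secret [gets $fh]
    close $fh
    return $secret
}

# Wait for one prompt and answer it; stop if it never appears.
proc answer {prompt reply} {
    expect \
        -exact $prompt { send -- "$reply\r" } \
        timeout { puts stderr "timed out waiting for '$prompt'"; exit 1 } \
        eof     { puts stderr "openconnect exited before '$prompt'"; exit 1 }
}

set password [read_secret $pwfile]
set timeout 60

spawn openconnect --pid-file=/tmp/tun69.pid --interface=tun69 \
    --script=/usr/share/vpnc-scripts/vpnc-script vpn.example.com
match_max 100000

answer "GROUP: \[aa-vpn-certificate|aa-vpn-local|aa-vpn-otp\]:" "aa-vpn-otp"
answer "Username:" "myUserName"
answer "Password:" $password
unset password

# The OTP prompt: hand the terminal to the user, as in the original script.
expect {
    -exact "Response:" { interact }
    timeout { puts stderr "timed out waiting for the OTP prompt"; exit 1 }
    eof     { puts stderr "openconnect exited before the OTP prompt"; exit 1 }
}
```

The password file is expected to be created with mode 0600 before the script runs; the OTP itself is still typed by hand at the `Response:` prompt.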