starred/openvpn-otp
1
0
Fork 0
mirror of https://github.com/evgeny-gridasov/openvpn-otp.git synced 2026-04-25 21:35:54 +03:00
Code Issues 19 Projects Releases 1 Packages Wiki Activity

[GH-ISSUE #2] Client compatibility #3

New issue
Closed
opened 2026-02-25 22:30:43 +03:00 by kerem · 5 comments
kerem commented 2026-02-25 22:30:43 +03:00
Owner
Copy link

Originally created by @1337sup3rh4x0r on GitHub (May 23, 2015).
Original GitHub issue: https://github.com/evgeny-gridasov/openvpn-otp/issues/2

This looks really interesting!
Before I upgrade my server though, I would like to know:
Does each client have to support this login method specifically or is it delivered through a generic password prompt?
I access my server via the openvpn android app a lot so this would need to be compatible for me.
Thanks for clarifing!

Originally created by @1337sup3rh4x0r on GitHub (May 23, 2015). Original GitHub issue: https://github.com/evgeny-gridasov/openvpn-otp/issues/2 This looks really interesting! Before I upgrade my server though, I would like to know: Does each client have to support this login method specifically or is it delivered through a generic password prompt? I access my server via the openvpn android app a lot so this would need to be compatible for me. Thanks for clarifing!
kerem closed this issue 2026-02-25 22:30:43 +03:00
kerem commented 2026-02-25 22:30:43 +03:00
Author
Owner
Copy link

@evgeny-gridasov commented on GitHub (May 24, 2015):

You need to make sure that reneg_sec is set to 0 on your client. Other than that everything else should just work. You'll get a generic password prompt on the client.
When asked, provide your username and a password. Your password is a concatenation of the PIN and current OTP token, for a PIN=1234 and token=777888 you should enter 1234777888

<!-- gh-comment-id:104962127 --> @evgeny-gridasov commented on GitHub (May 24, 2015): You need to make sure that reneg_sec is set to 0 on your client. Other than that everything else should just work. You'll get a generic password prompt on the client. When asked, provide your username and a password. Your password is a concatenation of the PIN and current OTP token, for a PIN=1234 and token=777888 you should enter 1234777888
kerem commented 2026-02-25 22:30:44 +03:00
Author
Owner
Copy link

@1337sup3rh4x0r commented on GitHub (May 24, 2015):

due to the rather weak 4 digit pin, is this combination not weaker than a strong password on its own?

<!-- gh-comment-id:105001747 --> @1337sup3rh4x0r commented on GitHub (May 24, 2015): due to the rather weak 4 digit pin, is this combination not weaker than a strong password on its own?
kerem commented 2026-02-25 22:30:44 +03:00
Author
Owner
Copy link

@evgeny-gridasov commented on GitHub (Jun 24, 2015):

I am not a crypto expert but this combination is very common in many enterprise production environments.

<!-- gh-comment-id:114755885 --> @evgeny-gridasov commented on GitHub (Jun 24, 2015): I am not a crypto expert but this combination is very common in many enterprise production environments.
kerem commented 2026-02-25 22:30:44 +03:00
Author
Owner
Copy link

@jayeye commented on GitHub (Sep 10, 2015):

Given that people usually tape the PIN on the fob itself, it indeed does not increase security. The usual reason for having a PIN is to guard against using the wrong fob and then complaining to the IT staff that their fob is not working.

<!-- gh-comment-id:139120511 --> @jayeye commented on GitHub (Sep 10, 2015): Given that people usually tape the PIN on the fob itself, it indeed does not increase security. The usual reason for having a PIN is to guard against using the wrong fob and then complaining to the IT staff that their fob is not working.
kerem commented 2026-02-25 22:30:44 +03:00
Author
Owner
Copy link

@evgeny-gridasov commented on GitHub (Dec 12, 2015):

1337sup3rh4x0r - restriction on the PIN has been removed, from now on it may be an arbitrary string or even empty if you want.

<!-- gh-comment-id:164142502 --> @evgeny-gridasov commented on GitHub (Dec 12, 2015): 1337sup3rh4x0r - restriction on the PIN has been removed, from now on it may be an arbitrary string or even empty if you want.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
v1.0
Labels
Clear labels   
pull-request

Mirrored from GitHub Pull Request

No labels
pull-request
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/openvpn-otp#3
No description provided.