openfortivpn: add password2 parameter #28598
andoniElBicho wants to merge 1 commit into openwrt:master from
Introduce a new password2 parameter in openfortivpn to allow entering an OTP or other DFA required to establish the VPN connection. The password2 parameter name and code have been copied from the openconnect package.
Signed-off-by: Andoni Diaz de Cerio <andoni.diazdecerio@gmail.com>
|
Show me a binary distribution of openfortivpn that takes a password2 parameter. |
|
@adrienverge is this some AI hallucination? |
No, the openfortivpn binary has no password2 parameter and neither does the openconnect binary. The password2 parameter, as implemented in the openconnect package, is used to specify via stdin an optional second password (an OTP code, for example) that some VPN connections require in order to be established. Here is the openconnect example; I have copied the password2 parameter from that package (https://github.com/openwrt/packages/blob/master/net/openconnect/files/openconnect.sh) |
|
Show how it's supposed to be used by openfortivpn. I don't see this functionality exposed in the source. |
|
The idea is that the openfortivpn binary uses the same mechanism that is used to pass the existing password. In my case, when trying to establish a new VPN connection with openfortivpn, the server requests two different passwords: the password corresponding to the username and a second, double auth factor (for example an OTP code sent to my phone or mail). This second password is requested via stdin at runtime when you manually execute openfortivpn. In this case, I propose to use the same mechanism as in the openconnect package: in that package the password2 parameter is passed in the second line of the password file used for this purpose. The openfortivpn binary is executed using a wrapper (https://github.com/openwrt/packages/blob/master/net/openfortivpn/files/openfortivpn-wrapper) that takes this PWD file as a parameter and then passes it via stdin to the openfortivpn command when executing it. When using password2, two different lines are passed: the first one with the password parameter and the second one with the password2 parameter. This is the way the openconnect package has implemented it (https://github.com/openwrt/packages/tree/master/net/openconnect/files). I have tested it in my setup and it works fine, as it does in the openconnect package. Thanks, and sorry for such a long explanation :) |
|
I don't see this mentioned in the help or manpage, but... it works for you? Does the server side use a modified binary? |
|
Maybe it is not mentioned in the manpage because it is only an internal mechanism to pass both passwords to the binary; in manual execution they are typed on the keyboard. Yes, it works for me using a normal server-side FortiVPN server without any modification. |
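The two-line password file described in the thread (password on line 1, optional second factor on line 2, fed to the client on stdin), as an added example that is not code from this PR or from the openwrt packages. The function names `write_pwfile`, `check_pwfile` and `read_prompts` are hypothetical, the secrets are constructed, and `read_prompts` is only a stand-in for a client that answers two prompts from stdin.

```shell
#!/bin/sh
# write_pwfile PATH PASSWORD [PASSWORD2]: create an owner-only two-line file.
write_pwfile() {
    pwfile=$1 password=$2 password2=${3:-}
    nl='
'
    # A newline inside either secret would shift password2 onto the wrong line.
    case "$password$password2" in
        *"$nl"*) echo "secret contains a newline" >&2; return 1 ;;
    esac
    (
        umask 077            # file is created 0600, never briefly world-readable
        rm -f -- "$pwfile"
        set -C               # noclobber: refuse to write through a pre-existing path
        printf '%s\n' "$password" > "$pwfile" || exit 1
        [ -z "$password2" ] || printf '%s\n' "$password2" >> "$pwfile"
    )
}

# check_pwfile PATH: regular file, owner-only permissions, one or two lines.
check_pwfile() {
    pwfile=$1
    [ -f "$pwfile" ] && [ ! -L "$pwfile" ] || return 1
    case "$(ls -ld -- "$pwfile")" in
        -rw-------*|-r--------*) ;;
        *) return 1 ;;
    esac
    lines=$(( $(wc -l < "$pwfile") ))
    [ "$lines" -eq 1 ] || [ "$lines" -eq 2 ]
}

# Stand-in for a client that reads two prompts from stdin (assumption, demo only).
read_prompts() {
    IFS= read -r first || return 1
    IFS= read -r second || second=     # EOF: no second factor was supplied
    printf 'first=%s second=%s\n' "$first" "$second"
}

# Demo with constructed values.
tmp=$(mktemp -d) && write_pwfile "$tmp/pwfile" 'constructed-pass' '123456' \
    && check_pwfile "$tmp/pwfile" && read_prompts < "$tmp/pwfile"
rm -rf "$tmp"
```

An OTP written this way is only valid for a short time, so a file containing one has to be regenerated before each connection attempt.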