OTP prompt not appearing #179

Open
digitalkram opened this issue Sep 19, 2022 · 0 comments

digitalkram commented Sep 19, 2022

Hello,

This might be a duplicate of #107, but as I am not 100% sure, I do not want to hijack issue #107. If feasible, this one can be closed and discussed further in #107...

This report refers to version openFortiGUI 0.9.8-dev from the iteas repo.

We were using the above version without issues while the OTP came from the FortiToken Mobile app. Now our organization switched FortiVPN from FortiToken Mobile to Microsoft SSO (to harmonize the methods used within the organization).

With this new OTP mechanism, connecting the VPN with openfortigui fails, while it still works with openfortivpn from the CLI.

GUI log:

─▶ $  cat logs/openfortigui.log
[...]
Sept. 19 11:39:00 openfortiGUI::Debug: VPN process  "<vpn name>"  error occurred!
Sept. 19 11:39:00 openfortiGUI::Debug: VPN process  "<vpn name>"  finished!
─▶ $  

VPN log:

└─▶ $  cat logs/vpn/<vpn name>.log 
Sept. 19 11:38:59 INFO:   Start tunnel.
DEBUG:  SO_KEEPALIVE: 0
DEBUG:  SO_SNDBUF: 6
DEBUG:  SO_RCVBUF: 60
DEBUG:  server_addr: 178.15.58.20
DEBUG:  server_port: 443
DEBUG:  gateway_addr: 178.15.58.20
DEBUG:  gateway_port: 443
DEBUG:  Setting cipher list to: HIGH:!aNULL:!kRSA:!PSK:!SRP:!MD5:!RC4
DEBUG:  Gateway certificate validation succeeded.
INFO:   Connected to gateway.

openfortivpn cli log:

└─▶ $  sudo openfortivpn
VPN account password: 
INFO:   Connected to gateway.
Please enter one-time password:
INFO:   Authenticated.
INFO:   Remote gateway has allocated a VPN.
Using interface ppp0
Connect: ppp0 <--> /dev/pts/3
INFO:   Got addresses: [xx.x.xxx.x], ns [xx.x.x.xx, xx.x.x.xx]
INFO:   negotiation complete
INFO:   negotiation complete
local  IP address 10.6.230.7
remote IP address 192.0.2.1
INFO:   Interface ppp0 is UP.
INFO:   Setting new routes...
WARN:   Route to gateway exists already.
INFO:   Adding VPN nameservers...
INFO:   Tunnel is up and running.

Similar to #107, it hangs at "INFO: Connected to gateway."

As seen in the openfortivpn log, the OTP request string in our case is "Please enter one-time password:", which afaict is the default one.
I tried messing around with "Always ask for OTP" and "OTP prompt string" to no avail. And due to the correct OTP request string, that's probably expected.
So obviously the question here is more why it hangs there when called by the GUI and not when called via the CLI.

Debug is ticked in the VPN settings already. Is there a way to pass -v to the call of openfortivpn to get more logs?

Thanks and cheers
