GNOME Bugzilla – Bug 777404
[review] lr/otp: FortiSSLVPN prompt for 2factor
Last modified: 2017-07-26 16:09:44 UTC
The FortiSSLVPN UI for the Gnome Network Manager was a great add. Unfortunately, it does not prompt the user for the 2factor authentication token that the underlying call to openfortivpn requests. Here's the journalctl output for the request, in case people are curious. vpn-connection: Started the VPN service vpn-connection: Saw the service appear; activating connection vpn-connection: VPN connection: (ConnectInteractive) reply received vpn-connection: VPN plugin: state changed: starting (3) INFO: Connected to gateway. 2factor authentication token: WARN: Error issuing /remote/logincheck request ERROR: Could not authenticate to gateway (Permission denied). INFO: Closed connection to gateway. INFO: Logged out. vpn-connection: VPN plugin: failed: connect-failed (1) Steps to reproduce: 1. Set up a FortiNet SSL vpn with 2 factor authentication. 2. Attempt to connect to the vpngateway:port (with or without password) 3. Fill in your password when prompted if not done in step 2. 4. The VPN connection will fail instead of asking for your 2factor token.
Here's a branch ready for review: https://git.gnome.org/browse/network-manager-fortisslvpn/log/?h=lr/otp (Requires a change in openfortivpn that has not been pulled yet: https://github.com/adrienverge/openfortivpn/pull/151)
This problem has been fixed in the unstable development version. The fix will be available in the next major software release. You may need to upgrade your Linux distribution to obtain that newer version.