Sophos Connect Client with OTP


I like the new feature of a free IPSEC client introduced with 17.5. As far as In know the CPU load of IPSEC-VPN on the gateway is much lower. I have just tested it and I experienced one issue which somebody else might have discovered.

Sophos connect client without OTP for local user authentication: Working fine, connection establised quickly and network behind XG reachable.

Then I activated OTP for the user on the XG and re-configured the connection with Sophos connect admin, simply activated "Prompt for 2FA": Unfortunately it does not connect, an authentication error occurs. Checking the VPN log I found all entries comperable until an authenication is logged:

[IKE] <IPSEC_VPN | 10> Xauth authetication of 'user' (myself) failed.

Of course without OTP the authenication at that point is successful. Anyone who has successfully used Sophos Connect client with OTP?

BTW: Use of OTP with SSL VPN was succesful, the OTP has to be added directly to the password. So can't be a problem with OTP in general.