
Sophos Connect - OTP for User Portal but not for SSL VPN

Our setup is that we have MFA on the User Portal, but not required for SSL VPN (the cert and config file on the laptop are the "something you have" second factor in this case). This works okay for the legacy SSL VPN client - users download the installer via the user portal with username + password + OTP, raise a ticket for someone with admin privs to install, then just put in their username and password and connect.

I'm testing Sophos Connect to get multi-gateway working, and to allow for self-service install without needing admin involvement, and it's not working. What I've tried is:

  • otp = false
    • downloads provisioning file correctly with username & password+otp but tries to use the same creds to log in to OpenVPN, which fails because it now thinks the OTP is part of the AD password. Because OpenVPN auth failed, it throws the config away and starts again.
  • otp = true
    • downloads provisioning file correctly with username & password & otp, but then insists on otp for the SSL VPN login so the user can't proceed to actually log in.

Is there a trick to this or is this simply not a supported config?

James


