Hey everyone, I'm using a XGS 136 and have successfully set up both IPsec (with MFA) and SSL VPN (without MFA). Now, I want to enable OTP/MFA for SSL VPN, specifically when using OpenVPN Connect on iOS and Android. I have already: Enabled OTP globally under Authentication > One-time password (OTP) . Enabled OTP for my user account. Checked that SSL VPN is selected in the OTP settings. However, when I connect via OpenVPN Connect on iOS, I am never prompted for an OTP code. Adding the OTP code to the password manually each time is not an option. Can anyone clarify how MFA/OTP is supposed to work for SSL VPN users on Sophos XGS with OpenVPN? Am I missing a configuration step? Thanks in advance!

XGS SSL VPN with MFA

SaMB21 7 days ago

Hey everyone,

I'm using a XGS 136 and have successfully set up both IPsec (with MFA) and SSL VPN (without MFA). Now, I want to enable OTP/MFA for SSL VPN, specifically when using OpenVPN Connect on iOS and Android.

I have already:

Enabled OTP globally under Authentication > One-time password (OTP).
Enabled OTP for my user account.
Checked that SSL VPN is selected in the OTP settings.

However, when I connect via OpenVPN Connect on iOS, I am never prompted for an OTP code. Adding the OTP code to the password manually each time is not an option.

Can anyone clarify how MFA/OTP is supposed to work for SSL VPN users on Sophos XGS with OpenVPN? Am I missing a configuration step?

Thanks in advance!

otp
[edited by: SaMB21 at 8:55 PM (GMT -7) on 7 Apr 2025]

Top Replies

LuCar Toni 6 days ago in reply to SaMB21 +1

That is the current implementation. You could move to radius authentication, which takes over the LDAP part and does the radius authentication with something different.