Prefill password in Sophos VPN

Hi Clothia C,

Thank you for reaching out to the Community! 

Are you trying to turn off the OTP?

If you’re trying to save the user credentials, the OpenVPN Client does not have a secure way to save the password. 

Thanks,

I want to save part of the credentials.

For password I have to enter a static part and a token from an auth-app.

Since the static part is about 20 characters strong, I would prefer to pre-fill that part.

You can use Keepass for this. Keepass can even store the OTP and fill in the complete username and password including the OTP. For this to work you need the KeeOTP plugin in Keepas 2.x

I looked up KeeOTP, but it is no longer available
No downloads - KeeOtp / Wiki / Home (sourceforge.net)

But I read that there is a {timeopt} Placeholder. Any idea how to use that?

Yes, just looked it up, seems to be almost the same as what the KeeOTP plugin did.

You need to go to the advanced settings of the entry in Keepass and enter a String field like this:

I believe the value of the secret found in UTM is the HEX value, so you would need to name the field: TimeOtp-Secret-Hex with the value copied from the OTP of your UTM-account.

Then you go to the Auto-Type tab in the same entry and you can configure it like so:

The Target Window can be chosen from all current open windows, so make sure to first have the VPN-client ask you to login, then configure this Auto-type entry.

In my examply I used the placeholder {totp} (which is for KeeOTP), instead you can use {timeotp}

In this example, with the screen open and the cursor in the username field, it will fill in the {USERNAME} press {TAB}, fill in the {PASSWORD} followed by the {timeotp} and then hits {ENTER}.

I have a bit more details on my blog about this.

Thanks a lot for the help.

I have read your entry and tried to follow through this. My problem is, that keepass seems to support {TIMEOTP} but I cannot find out how to connect this to the entry  within advanced.

I am getting {USERNAME}{TAB}{PASSWORD}{ENTER}{TIMEOTP}, but

The enter goes before TIMEOTP instead of after AND TIMEOTP is just not related to the secret.
I searched keypass and google, but could not find how to setup the secret.

Any idea how to find out more information about {TIMEOTP}?

And how can I ensure it does not press {ENTER} after the password?

I tried another plugin (twofactorqrcodereader).

And it seems to add the right entries to keypass, but now, I am always getting the wrong credentials.

Not sure why I am getting the additional {ENTER}.

Arrrrggghgh

In the 'Use custom keystroke....' you can manually adjust the placeholders and their order.

Thanks apijnapple.

I read your Keepass blog and it is exactly what I did, but it always opens the Keepass window at the end and it does not log me in.

Very strange.

Strange indeed. You did "have the Sophos SSL VPN client ask you for the password (so the screen is opened) when you started configuring Auto-type and you did find the correct screen? If not then Keepass wouldn't know what to type into this window.

Also in Keepass Under 'Tools' - 'Options', tab 'Integration' you can find if in your case the Auto Type is also Ctrl-Alt-A.