Skip to content

Add 2FA capability to nm-fortisslvpn when the second factor authentication code is sent via SMS/email/etc.

emelenas requested to merge emelenas/NetworkManager-fortisslvpn:2fa into main

The 2FA authentication process takes place when the user successfully signs in. There is a 2FA token sent to the user (can be via email or SMS) and has to be sent to the gateway. The current implementation apparently relies on the 'otp' setting, but it does not work (for me). The otp setting is hardwired to be NM_SETTING_SECRET_FLAG_NOT_SAVED. With this setting, nmcli asks for the otp token before logging in, and writes the token (cannot be empty) in the config file openfortivpn uses to establish the connection. The, openfortivpn sends said token and does not ask for a 2FA interactively.

I have submitted pull request to the openfortivpn developpers to use a specific hint for 2FA. The code in the present merge request will use that feature to set up the VPN 2FA process.

I contributed also the editor part for nm-applet.

Edited by emelenas

Merge request reports