Sophos Connect Client with OTP

Hi,

I like the new feature of a free IPSEC client introduced with 17.5. As far as I know the CPU load of IPSEC-VPN on the gateway is much lower. I have just tested it and I experienced one issue which somebody else might have discovered.

Sophos connect client without OTP for local user authentication: Working fine, connection established quickly and network behind XG reachable.

Then I activated OTP for the user on the XG and re-configured the connection with Sophos connect admin, simply activated "Prompt for 2FA": Unfortunately it does not connect, an authentication error occurs. Checking the VPN log I found all entries comparable until an authentication is logged:

[IKE] <IPSEC_VPN | 10> Xauth authetication of 'user' (myself) failed.

Of course without OTP the authentication at that point is successful. Anyone who has successfully used Sophos Connect client with OTP?

BTW: Use of OTP with SSL VPN was successful, the OTP has to be added directly to the password. So can't be a problem with OTP in general.

Cheers
Dirk



This thread was automatically locked due to age.
  • In case it helps others, I found that OTP for Sophos Connect did not work if I had enabled Sophos Connect before I enabled OTP. I had the same experience as the OP - the code would validate on the firewall (when configuring/checking time offset) but would not validate in the VPN client. I reset the Sophos Connect configuration on the firewall and recreated it with OTP already enabled - and it worked immediately afterwards.

  • Hello David,

    We have released Sophos Connect 1.3 EAP1. Please upgrade and try it out.

    Ramesh

  • Hi Ramesh,

    I have exactly the same issue and tried all options as described in this topic, however no success.

    Steps taken:

    Enabled the multi factor (with google authenticator)
    Recreated the Connect Client configuration
    Tested with the default settings (so no multi factor) --> no issues
    Tested with adding the code behind the password, doesn't work
    Tested with the changed config through the admin (to type code separately), doesn't work
    Downloaded the new client (MAC version) and tried all of the above, same results

    Maybe I'm missing some setting, but I'm lost, maybe you can help. 
    (PS when logging on to the portal itself, multi factor is working)

    Thanks,

    Johan

  • Hi Ramesh,

    I fixed the issue, my bad :)

    I missed the option to enable OTP for IPsec Remote Access

    Something with RTFM :)

    Regards,

    Johan
