RADIUS MFA and VPN

Do you use sophos connect or SSLVPN? 

The SSL VPN client.
I tested it with SophosConnect_2.0_(IPsec_and_SSLVPN).msi too. Its the same.

Sophos Connect has a config for Radius OTP. 

See: https://community.sophos.com/sophos-xg-firewall/f/recommended-reads/124501/3-ways-to-setup-xg-18-with-duo-2fa

Thanks.
If i want to download the Sophos Connect client (IPsec and SSL VPN) in the user portal i only get an info.txt. With this content:

Requested file could not be provided. Make sure Pattern Updates are working correctly.
You can find it under 'Backup & Firmware' -> 'Pattern Updates'

See: https://support.sophos.com/support/s/article/KB-000041377?language=en_US

This is fixed in the latest MR5, which got re released. 

OK, update .... :-)

we made an update but it is still not working.
Now i can download the client but the client doesnt ask for the second Faktor from the Radius Server. 
In user portal the MFA is working.

Client log files:

AUTH: Received control message: AUTH_FAILED,CRV1:R:1-

5.5.2021, 08:13:22 SSL Handshake: CN=SophosApplianceCertificate_CXXXXXXXXXXXB, TLSv1.2, cipher TLSv1.2 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
⏎5.5.2021, 08:13:22 Session is ACTIVE
⏎5.5.2021, 08:13:22 Sending PUSH_REQUEST to server...
⏎5.5.2021, 08:13:22 EVENT: GET_CONFIG ⏎5.5.2021, 08:13:23 Sending PUSH_REQUEST to server...
⏎5.5.2021, 08:13:25 Sending PUSH_REQUEST to server...
⏎5.5.2021, 08:13:25 EVENT: DYNAMIC_CHALLENGE CRV1:R:1-rthgtfhtrhztrhjtrzjztjrzutjztjtzjtjt0=:dggdgdgegertgZW 
5.5.2021, 08:13:25 EVENT: DISCONNECTED ⏎5.5.2021, 08:13:25 AUTH_FAILED
⏎

Hi, I have the same problem with v 18 MR5. It seems that Radius Challenge is arriving malformed to the openvpn client. 

It should be compose by 4 field separeted by : 

From openvpn code

/* expected: str = "E,R:challenge_id:user_b64:challenge_str" */

Did you have solved?

Hi, I have the same problem with v 18 MR5. It seems that Radius Challenge is arriving malformed to the openvpn client. 

It should be compose by 4 field separeted by : 

From openvpn code

/* expected: str = "E,R:challenge_id:user_b64:challenge_str" */

Did you have solved?