Compatibility with 2 factor authentication?

Matthew Kitchin (Public/Usenet) mkitchin.public at gmail.com
Tue Jun 4 17:20:52 EDT 2013


On 5/30/2013 4:25 AM, David Woodhouse wrote:
> You could try updating just openconnect, perhaps? Although you might
> need a newer OpenSSL for that...
I upgraded my router to Attitude Adjustment and Openconnect 4.08. It now 
behaves differently with the Duo Security (https://www.duosecurity.com/) 
product. I now know a little bit more about why they are doing what they 
are doing. Duo Security had us load this JavaScript file on the web 
interface:
https://gist.github.com/anonymous/5709611
I have changed the sensitive values. This allows the various VPN clients 
to pop up a message on your smart phone or have your smart phone 
generate a code that becomes your second password. I assume this 
JavaScript is not agreeing with openconnect even for groups that do not 
have this feature enabled. The Duo Security feature is enabled per VPN 
group.
I have a script that contains the username and password for the VPN 
connection. On the older version of openconnect, it would prompt for 
additional username and password, and would let me in as long as I put 
in junk values. On 4.08, I get this:
------------
Please enter your username and password.
Username:Failed to obtain WebVPN cookie
root@OpenWrt:~#
------------
If I take the username and password out of the script, I get prompted 
for username and password. Once I enter valid credentials, I am prompted 
a second time. Again, I just have to put in junk values. This is all for 
a group that is not secured by Duo Security. This is obviously not a 
shortcoming of openconnect. I just didn't want to leave this issue 
without explaining what happened. If there is any way I could make 
openconnect behave like a browser in this case, that would be really cool, 
but it is not something I would expect to work.



