OpenConnect with fortinet and multifactor authentication

Daniel Lenski dlenski at
Fri Sep 10 15:05:00 PDT 2021

Hi Ralph,

On Fri, Sep 10, 2021 at 9:01 AM Ralph Serge <ralph591 at> wrote:
> I came across OpenConnect while looking for a client to connect to a Fortinet VPN server using multifactor authentication.

It'd be great to have other users test our Fortinet MFA support.

Currently, it *only* supports the "challenge-based" MFA mode, because
that's the only one we know of that's used in the real world. See
for the implementation details.

> I am using OpenConnect v.8.10 on Arch linux.
> >openconnet --version
> OpenConnect version v8.10
> Using GnuTLS 3.7.2. Features present: PKCS#11, RSA software token, HOTP software token, TOTP software token, Yubikey OATH, System keys, DTLS, ESP
> Supported protocols: anyconnect (default), nc, gp, pulse

You'll need to build OpenConnect from the master-branch source (see for instructions)
in order to get support for Fortinet, as well as for a ton of other
stuff we've added and improved since v8.10.

Fortinet source is not yet in any released version — but at this point
we're welllllll overdue for one. 😬


More information about the openconnect-devel mailing list