OpenConnect with fortinet and multifactor authentication

Daniel Lenski dlenski at gmail.com
Fri Sep 10 15:05:00 PDT 2021


Hi Ralph,

On Fri, Sep 10, 2021 at 9:01 AM Ralph Serge <ralph591 at protonmail.com> wrote:
> I came across OpenConnect while looking for a client to connect to a Fortinet VPN server using multifactor authentication.

It'd be great to have other users test our Fortinet MFA support.

Currently, it *only* supports the "challenge-based" MFA mode, because
that's the only one we know of that's used in the real world. See
https://gitlab.com/openconnect/openconnect/-/commit/426fc3d434ae614b7e10999aff84c52dcffd047a
for the implementation details.

> I am using OpenConnect v.8.10 on Arch Linux.
>
> >openconnet --version
> OpenConnect version v8.10
> Using GnuTLS 3.7.2. Features present: PKCS#11, RSA software token, HOTP software token, TOTP software token, Yubikey OATH, System keys, DTLS, ESP
> Supported protocols: anyconnect (default), nc, gp, pulse

You'll need to build OpenConnect from the master-branch source (see
https://www.infradead.org/openconnect/building.html for instructions)
in order to get support for Fortinet, as well as for a ton of other
stuff we've added and improved since v8.10.

Fortinet source is not yet in any released version — but at this point
we're welllllll overdue for one. 😬

Dan
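
An added example, not part of the original message or of the OpenConnect project: a shell check that reads `openconnect --version` output and reports whether the build lists a given protocol, which tells you whether you are still running a release without Fortinet support. It assumes the protocol is listed as `fortinet`; the second sample output is constructed for illustration.

```shell
#!/bin/sh
# has_protocol NAME: read `openconnect --version` text on stdin and return 0
# only if NAME is an exact entry in the "Supported protocols:" line.
has_protocol() {
    want=$1
    # Isolate the list, split on commas, drop "(default)" and padding, then
    # require a whole-line match so "gp" can never match a longer name.
    sed -n 's/^Supported protocols:[[:space:]]*//p' |
        tr ',' '\n' |
        sed -e 's/([^)]*)//g' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' |
        grep -Fx -- "$want" >/dev/null
}

# check_installed NAME: same check against the openconnect binary in PATH.
# Returns 2 if openconnect is not installed.
check_installed() {
    command -v openconnect >/dev/null 2>&1 || return 2
    openconnect --version 2>&1 | has_protocol "$1"
}

# Lines taken from the v8.10 output quoted in the message above.
V810_OUTPUT='OpenConnect version v8.10
Supported protocols: anyconnect (default), nc, gp, pulse'

# Constructed sample: what a build with Fortinet support is assumed to print.
MASTER_OUTPUT='OpenConnect version (constructed sample)
Supported protocols: anyconnect (default), nc, gp, pulse, fortinet'

# Demo on the embedded samples; runs offline.
for sample in "$V810_OUTPUT" "$MASTER_OUTPUT"; do
    version_line=$(printf '%s\n' "$sample" | sed -n '1p')
    if printf '%s\n' "$sample" | has_protocol fortinet; then
        echo "$version_line: fortinet listed"
    else
        echo "$version_line: fortinet missing, build from master"
    fi
done
```

To test the binary actually installed, call `check_installed fortinet` and inspect its exit status.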


