if ($vpnsettings{FRAGMENT} ne '' && $vpnsettings{DPROTOCOL} ne 'tcp' ) {
print CLIENTCONF "fragment $vpnsettings{'FRAGMENT'}\r\n";
}
- if ($confighash{$cgiparams{'KEY'}}[43] eq 'on') {
- print CLIENTCONF "auth-nocache\r\n";
- print CLIENTCONF "auth-user-pass credentials\r\n";
- print CLIENTCONF "static-challenge \"One Time Password (OTP): \" 1\r\n";
-
- open(CLIENTCREDS, ">$tempdir/credentials") or die "Unable to open tempfile: $!";
- print CLIENTCREDS "user\r\n";
- print CLIENTCREDS "password";
- close(CLIENTCREDS);
- $zip->addFile( "$tempdir/credentials", "credentials") or die "Can't add file credentials\n";
- }
+
+ # Disable storing any credentials in memory
+ print CLIENTCONF "auth-nocache\r\n";
+
+ # Set a fake user name for authentication
+ print CLIENTCONF "auth-token-user USER\r\n";
+ print CLIENTCONF "auth-token TOTP\r\n";
+
+ # If the server is asking for TOTP this needs to happen interactively
+ print CLIENTCONF "auth-retry interact\r\n";
if ($include_certs) {
print CLIENTCONF "\r\n";
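Review bot: The `auth-nocache`, `auth-token-user USER`, `auth-token TOTP` and `auth-retry interact` lines are now written into every exported client configuration, whereas the removed block emitted its OTP directives only when `$confighash{$cgiparams{'KEY'}}[43] eq 'on'`. If that is deliberate (for instance so that enabling OTP later needs no re-export), the comment should say so, e.g. `# Always written, even when OTP is off for this connection`; otherwise the old guard should wrap these prints. `auth-retry interact` also changes how a non-OTP, unattended client reacts to an authentication failure. As far as I know `auth-token-user` is only understood by OpenVPN 2.5 and later, so older clients may reject the file. The enclosing routine starts and ends outside this hunk.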
$confighash{$key}[42] = 'HOTP/T30/6';
$confighash{$key}[43] = $cgiparams{'OTP_STATE'};
- if (($confighash{$key}[43] == 'on') && ($confighash{$key}[44] == '')) {
+ if (($confighash{$key}[43] eq 'on') && ($confighash{$key}[44] eq '')) {
my @otp_secret = &General::system_output("/usr/bin/openssl", "rand", "-hex", "20");
$confighash{$key}[44] = $otp_secret[0];
- } elsif ($confighash{$key}[43] == '') {
+ } elsif ($confighash{$key}[43] eq '') {
$confighash{$key}[44] = '';
}
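Review bot: The result of the `openssl rand` call on the line after the corrected `eq` test is stored as the OTP secret without any check. If the command fails or returns nothing, `$otp_secret[0]` is undefined and the connection is saved with OTP 'on' and an empty secret; and unless `General::system_output` already strips line endings, the stored value carries a trailing newline. I would add `chomp(@otp_secret);` and assign only when `($otp_secret[0] // '') =~ /\A[0-9a-f]{40}\z/`, reporting an error otherwise. The `elsif` branch clears the secret only when the state is the empty string, so it is worth confirming that `OTP_STATE` can never arrive as another non-'on' value such as 'off'. The enclosing block starts and ends outside this hunk.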