Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/tazjin/watchblob

Connect to 2-factor WatchGuard VPNs on Linux with OpenVPN
https://github.com/tazjin/watchblob

openvpn vpn watchguard

Last synced: about 2 months ago
JSON representation

Connect to 2-factor WatchGuard VPNs on Linux with OpenVPN

Awesome Lists containing this project

README 

        
Watchblob - WatchGuard VPN on Linux

===================================



This tiny helper tool makes it possible to use WatchGuard / Firebox / <> VPNs that use multi-factor authentication on Linux.



Rather than using OpenVPN's built-in dynamic challenge/response protocol, WatchGuard

has opted for a separate implementation negotiating credentials outside of the

OpenVPN protocol, which makes it impossible to start those connections solely by

using the `openvpn` CLI and configuration files.



What this application does has been reverse-engineered from the "WatchGuard Mobile VPN

with SSL" application on OS X.



I've published a [blog post](https://www.tazj.in/en/1486830338) describing the process

and what is actually going on in this protocol.



## Installation



Make sure you have Go installed and `GOPATH` configured, then simply

`go get github.com/tazjin/watchblob/...`.



## Usage



Right now the usage is very simple. Make sure you have the correct OpenVPN client

config ready (this is normally supplied by the WatchGuard UI) simply run:



```

watchblob vpnserver.somedomain.org username p4ssw0rd

```



The server responds with a challenge which is displayed to the user, wait until you

receive the SMS code or whatever and enter it. `watchblob` then completes the

credential negotiation and you may proceed to log in with OpenVPN using your username

and *the OTP token* (**not**  your password) as credentials.