Skip to content
Prompted for MFA code every time computer resumes from sleep
Got a problem with Viscosity or need help? Ask here!
- Posts: 3
- Joined: Sat Dec 09, 2017 5:14 am
Hi all,
I just deployed Viscosity in my company and we're using Google Authenticator for MFA. The users are reporting back that they are being prompted for MFA code too often, mainly every time they wake their computer up from sleep and/or they got dropped from wifi.
They could have just logged in successfully a minute ago, and if they shut their MBP lids by accident, then immediately reopen the computer, they will be prompted for a MFA code. From my user's point of view, and rightly so, is that this is unnecessary and hinders productivity.
We are currently using OpenVPN AS the latest version 2.1.12 as our VPN server. We tested the native openvpn client (that came bundled with the OpenVPN AS) to see if it will prompt for MFA code once resuming from sleep, and it seems like it is able to reconnect without prompting for another code.
From the native OpenVPN client logs, it seems that before computer goes to sleep it sends a PAUSE API call to the OpenVPN AS server, and upon waking up triggers a RESUME API call.
Is there a way we can get Viscosity to either prompt for MFA less often, or have Viscosity mimic this same behavior that OpenVPN client does?
Thanks, Connie
I just deployed Viscosity in my company and we're using Google Authenticator for MFA. The users are reporting back that they are being prompted for MFA code too often, mainly every time they wake their computer up from sleep and/or they got dropped from wifi.
They could have just logged in successfully a minute ago, and if they shut their MBP lids by accident, then immediately reopen the computer, they will be prompted for a MFA code. From my user's point of view, and rightly so, is that this is unnecessary and hinders productivity.
We are currently using OpenVPN AS the latest version 2.1.12 as our VPN server. We tested the native openvpn client (that came bundled with the OpenVPN AS) to see if it will prompt for MFA code once resuming from sleep, and it seems like it is able to reconnect without prompting for another code.
From the native OpenVPN client logs, it seems that before computer goes to sleep it sends a PAUSE API call to the OpenVPN AS server, and upon waking up triggers a RESUME API call.
Is there a way we can get Viscosity to either prompt for MFA less often, or have Viscosity mimic this same behavior that OpenVPN client does?
Thanks, Connie
Hi Connie,
We’ve identified an issue that could cause a session token to not persist across sleeps and reachability disconnect/reconnects in some instances. Please give the latest beta version a try, which should resolve this, and let us know if you’re still stuck:
https://www.sparklabs.com/support/kb/ar ... -versions/
If your users are sleeping their computer for longer than 5 minutes (OpenVPN-AS’s default session timeout time) and you’d still like the session to resume you’ll need to adjust the "session token inactivity timeout" as documented at:
https://docs.openvpn.net/command-line/o ... ty_timeout
Cheers,
James
We’ve identified an issue that could cause a session token to not persist across sleeps and reachability disconnect/reconnects in some instances. Please give the latest beta version a try, which should resolve this, and let us know if you’re still stuck:
https://www.sparklabs.com/support/kb/ar ... -versions/
If your users are sleeping their computer for longer than 5 minutes (OpenVPN-AS’s default session timeout time) and you’d still like the session to resume you’ll need to adjust the "session token inactivity timeout" as documented at:
https://docs.openvpn.net/command-line/o ... ty_timeout
Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs
2 posts
Page 1 of 1