don't ever connect automatically

Got a problem with Viscosity or need help? Ask here!

corbosman

Posts: 1
Joined: Sat Jul 13, 2019 9:45 pm

Post by corbosman » Sat Jul 13, 2019 9:49 pm
Hi, we use a system where people fill in a username and a yubikey+pincode output as their password. This works fine, but im stuck with a bit of a nuisance in viscosity. Every time I try to connect the VPN, viscosity tries to connect using a previous user/pass. Since this will never work, I have to wait for a timeout and only then can I enter the correct new yubikey code. It doesn't matter if i untick 'dont remember password'. It still does.

Is there a way to tell viscosity to never ever try to automatically fill in a user/pass and try to connect with that?

James

User avatar
Posts: 2313
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Tue Jul 16, 2019 6:22 pm
Hi corbosman,

Using the Username/Password prompt isn't recommended when asking the user for two-factor credentials. Instead OpenVPN's two-factor prompt support (known as "challenge/response") should be used. More information about this, including server setup guides and examples, can be found at the links below:
https://www.sparklabs.com/support/kb/article/yubikey-otp-two-factor-authentication-with-openvpn-and-viscosity/
https://www.sparklabs.com/forum/viewtopic.php?t=1279#p3677

In the meantime, I recommend clearing the existing saved Username/Password from your Keychain, which will force Viscosity to immediately prompt for the login details when connecting. The steps for doing this are the same as listed in the "Keychain Entry Corruption" section in the following article:
https://www.sparklabs.com/support/kb/article/problem-saving-details-into-the-keychain/

If you also want to prevent users from saving a Username and Password, please see:
https://www.sparklabs.com/forum/viewtopic.php?f=9&t=2249&p=6679#p6679

Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs
2 posts Page 1 of 1