Save static challenge response?

Got a problem with Viscosity or need help? Ask here!

dgholz

Posts: 2
Joined: Tue Jan 21, 2020 1:23 am

Post by dgholz » Tue Jan 21, 2020 1:32 am
Hello, I've been using Viscosity for a while and it's great. We're using 2FA and Duo, and I always opt for a push notification to my phone when prompted for the static challenge. I'd like to save this, so I don't have to re-enter it every time I connect: I have to reconnect a few times a day, since switching between our wired & wireless networks causes the VPN to disconnect occasionally.

Is there an option for saving the response for the static challenge?

James

User avatar
Posts: 2313
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Tue Jan 21, 2020 8:10 pm
Hi dgholz,

I'm afraid there isn't a way to save a response to a challenge. One thing I know we've got an internal ticket for is to take a look and see if we can auto-detect that it's a Duo security challenge and be a little smarter with the dialog (i.e. have button options instead of having to type in a field). However it'll likely be some time before we can jump on that.

If you're in control of the OpenVPN server it would be possible to adjust the authentication script to avoid the challenge prompt. For example, you could always assume "push" when your username or certificate name is used, or allow it as an extension to the normal password instead (e.g. something like "mypassword+push", "mypassword+sms") and then clients can save that.

Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs

dgholz

Posts: 2
Joined: Tue Jan 21, 2020 1:23 am

Post by dgholz » Wed Jan 22, 2020 11:25 pm
Thanks James. I guess I was thinking about a
Code: Select all
#viscosity-static-challenge-response
configuration option I could set in the Advanced tab of the connection, or a field in the Authentication tab that I could toggle between 'Ask/fixed response'; though a UI field would need some logic to handle when the static challenge fails with a fixed response and to switch back to 'Ask', and I understand that UI changes need to be carefully thought through.

I'm not in control of the OpenVPN server config, but I'll ask the team that is about extracting 2FA options from the user-provided password.
3 posts Page 1 of 1