Commit 1ff34cb9 authored by Janne Juntunen's avatar Janne Juntunen Committed by David Woodhouse

Add support for Google Authenticator 2fa on Juniper VPN

We resently changed our Juniper VPN from SMS 2fa to use Google
Authenticator instead. Before it worked perfectly with "openconnect
--juniper" switch, but after the change all we got was:

Unknown form ID 'frmTotpToken'
and a dump of the form.

I spent some time debugging the issue, and managed to write a very
simple fix for it.
Signed-off-by: default avatarJanne Juntunen <>
Signed-off-by: default avatarDavid Woodhouse <>
parent 8a350335
......@@ -76,7 +76,8 @@ static int oncp_can_gen_tokencode(struct openconnect_info *vpninfo,
return -EINVAL;
if (strcmp(form->auth_id, "frmDefender") &&
strcmp(form->auth_id, "frmNextToken"))
strcmp(form->auth_id, "frmNextToken") &&
strcmp(form->auth_id, "ftmTotpToken"))
return -EINVAL;
return can_gen_tokencode(vpninfo, form, opt);
......@@ -671,6 +672,12 @@ int oncp_obtain_cookie(struct openconnect_info *vpninfo)
role_select = 1;
} else if (!strcmp(form_id, "frmTotpToken")) {
form = parse_form_node(vpninfo, node, "totpactionEnter");
if (!form) {
ret = -EINVAL;
} else {
vpn_progress(vpninfo, PRG_ERR,
_("Unknown form ID '%s'\n"),
......@@ -16,6 +16,7 @@
<li><b>OpenConnect HEAD</b>
<li>Fix portability of shell scripts in test suite.</li>
<li>Add Google Authenticator TOTP support for Juniper.</li>
<li><b><a href="">OpenConnect v7.08</a></b>
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment