depot/third_party/tvl/fun/watchblob
Default email c4fb0432ae Project import generated by Copybara.
GitOrigin-RevId: 3fc1143a04da49a92c3663813c6a0c1e8ccd477f
2020-09-29 23:42:59 -04:00
default.nix
main.go
main_test.go
README.md
urls.go

Watchblob - WatchGuard VPN on Linux

This tiny helper tool makes it possible to use WatchGuard / Firebox VPNs that use multi-factor authentication on Linux.

Rather than using OpenVPN's built-in dynamic challenge/response protocol, WatchGuard has opted for a separate implementation negotiating credentials outside of the OpenVPN protocol, which makes it impossible to start those connections solely by using the openvpn CLI and configuration files.

What this application does has been reverse-engineered from the "WatchGuard Mobile VPN with SSL" application on OS X.

I've published a blog post describing the process and what is actually going on in this protocol.

Installation

Make sure you have Go installed and GOPATH configured, then simply run:

go get github.com/tazjin/watchblob/...

Usage

Right now the usage is very simple. Make sure you have the correct OpenVPN client config ready (this is normally supplied by the WatchGuard UI), then simply run:

watchblob vpnserver.somedomain.org username p4ssw0rd

The server responds with a challenge, which is displayed to the user. Wait until you receive the SMS code or whatever and enter it. watchblob then completes the credential negotiation, and you may proceed to log in with OpenVPN using your username and the OTP token (not your password) as credentials.
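
The final step above, as an added example (not part of watchblob or its README): a POSIX shell wrapper that hands the username and the OTP token to OpenVPN through a mode-600 auth-user-pass file instead of typing them at the prompt. The function names and the client.ovpn file name are assumptions.

```shell
#!/bin/sh
# Added example, not watchblob code. Run it after watchblob has completed
# the credential negotiation.
# Usage (assumed file name): connect_vpn client.ovpn username

NL='
'

# write_auth_file USER OTP
# Creates a private temp file in OpenVPN's auth-user-pass format
# (line 1: username, line 2: password) and prints its path.
# The "password" here is the OTP token, not the account password.
write_auth_file() {
    wa_user=$1
    wa_otp=$2
    if [ -z "$wa_user" ] || [ -z "$wa_otp" ]; then
        echo "username and OTP must be non-empty" >&2
        return 1
    fi
    # A newline inside either value would shift the two-line format.
    case "$wa_user$wa_otp" in
        *"$NL"*) echo "newline in credentials" >&2; return 1 ;;
    esac
    # umask 077 keeps the file readable by its owner only.
    wa_file=$(umask 077; mktemp) || return 1
    printf '%s\n%s\n' "$wa_user" "$wa_otp" > "$wa_file"
    printf '%s\n' "$wa_file"
}

# connect_vpn CONFIG USER
# Reads the OTP without echoing it, starts OpenVPN, then deletes the file.
connect_vpn() {
    cv_config=$1
    cv_user=$2
    printf 'OTP token: ' >&2
    stty -echo
    IFS= read -r cv_otp
    stty echo
    echo >&2
    cv_auth=$(write_auth_file "$cv_user" "$cv_otp") || return 1
    # --auth-nocache: do not keep the credentials cached in memory.
    openvpn --config "$cv_config" --auth-user-pass "$cv_auth" --auth-nocache
    cv_status=$?
    rm -f "$cv_auth"
    return "$cv_status"
}
```

OpenVPN usually needs root privileges to create the tunnel device, so call connect_vpn from a root shell or adapt the openvpn line to your privilege-escalation setup.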