There's a thread from November 2017 in which Kevin Cernekee and Andy
Wang discuss a Juniper VPN where TOTP fails to work:
http://lists.infradead.org/pipermail/openconnect-devel/2017-November/004569.html

… and in that thread both "ftmTotpToken" and "frmTotpToken" are
mentioned. It appears that the reason for the misbehavior discussed in
the November 2017 thread is the (overlooked) typo in the code.

I'm not sure how the "ftm" version got committed in the first
place. ¯\_(ツ)_/¯. I did a bit of archeological digging, and I can't
find the original patch (from November 29, 2016) anywhere on the
mailing list, but it's obviously in the Git history:
http://git.infradead.org/users/dwmw2/openconnect.git/commitdiff/1ff34cb9689fbaf57decac537df1e32e799bb9c7

Signed-off-by: Daniel Lenski <[email protected]>
---
 auth-juniper.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/auth-juniper.c b/auth-juniper.c
index eee85d2..acd9c77 100644
--- a/auth-juniper.c
+++ b/auth-juniper.c
@@ -77,7 +77,7 @@ static int oncp_can_gen_tokencode(struct openconnect_info 
*vpninfo,
 
        if (strcmp(form->auth_id, "frmDefender") &&
            strcmp(form->auth_id, "frmNextToken") &&
-           strcmp(form->auth_id, "ftmTotpToken"))
+           strcmp(form->auth_id, "frmTotpToken"))
                return -EINVAL;
 
        return can_gen_tokencode(vpninfo, form, opt);
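
Review bot: in the condition that ends at the changed strcmp(form->auth_id, "frmTotpToken") line, an auth_id that matches none of the three literals goes straight to return -EINVAL with no diagnostic in the lines shown, so a one-letter misspelling in a literal fails silently. Consider logging the unmatched form->auth_id at debug level before returning, or keeping the accepted form IDs in one small table so each literal lives in a single place that is easy to compare against the names the server sends.
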
-- 
2.7.4

