Adelaide University VPN, Openconnect and Duo

The backstory

Adelaide University recently introduced two factor authentication (2FA) on their VPN using Duo. Previously you could connect to the VPN using openconnect on *nix systems and it worked fine. Now that there’s 2FA, you need to slightly change how you connect.

I’m running on Linux Mint 18 using openconect v7.06 in case you’re looking at this years in the future and versions matter.

Big thanks to for explaining the double password prompt. This post is just explaining Daniel’s work for the command line.

The fix

This assumes that you’ve already installed the Duo 2FA app on your phone ( and that you’ve set it up.

You still run the same command that you would have previously:

sudo openconnect \
  -b \
  -u <your a-number> \

…then you’ll be prompted to enter your password but once you’ve entered it, you’ll be prompted a second time for password. This second prompt is actually asking you what 2FA method you would like to use. You’ll want to use push most likely to have it send the prompt to your Duo app on your mobile. You can see a bit more discussion about available methods on the Duo site:

Users will provide a passcode or factor identifier (eg. “push”, “phone”, “sms”) as their OpenVPN password.

See the output from the previous command with two password prompts.

Attempting to connect to server
SSL negotiation with
Connected to HTTPS on
XML POST enabled
Please enter your username and password.
Got CONNECT response: HTTP/1.1 200 OK
CSTP connected. DPD 30, Keepalive 20

You should get a prompt on your phone from the Duo app, which you can confirm, then the connection will (should) complete and you’re connected.

comments powered by Disqus