Operational Defect Database
BugZero found this defect 110 days ago.
Data sources
All data on this page is proprietary to BugZero® or gathered from public sources
WatchGuard Technologies | kA16S000000bzJ4SAI
Mobile VPN with SSL - AuthPoint Push/OTP authentications fail with Android OpenVPN v3.4.0 (9755)
Last update date:
1/30/2024
Affected products:
AuthPoint
Firebox M200
Firebox M300
Firebox M270
Firebox M370
Firebox M470
Firebox M570
Firebox M670
Firebox M290
Firebox M390
Firebox M400
Firebox M500
Affected releases:
All
AuthPoint
Fireware
11.x
11.1.x
11.10.x
11.10
11.10.1
11.10.2
11.10.3
11.10.4
11.10.5
Fixed releases:
All
Description:
Issue
For Mobile VPN with SSL, AuthPoint authentication fails in Android OpenVPN v3.4.0 (9755) when the Firebox resource in AuthPoint is configured to use the OTP authentication method.
Workaround/Solution
Configure the authentication policy for the Firebox resource in AuthPoint to use only the password and push authentication methods (not OTP). If you need to use OTP authentication for the VPN, you have three options: Downgrade Android OpenVPN to v3.3.0.Use a RADIUS client resource (instead of a Firebox resource) for AuthPoint MFA. For detailed steps to configure a RADIUS client resource for your VPN, see the Configure AuthPoint MFA for Firebox Mobile VPN with SSL (Fireware v12.6.x and Lower) section of Firebox Mobile VPN with SSL Integration with AuthPoint.Move your OpenVPN users to a new AuthPoint group, then create a new authentication policy for the OpenVPN users and the Firebox resource with only the password and push authentication methods. With this setup, OpenVPN users have an authentication policy that requires the password and push authentication methods, and you can have a second authentication policy for users that need OTP authentication and do not use OpenVPN. If you sync users from Active Directory, this requires you to create a new OpenVPN user group in Active Directory and a new AuthPoint group sync to sync those users.
