OpenVPN Static password + OTP in ONE STRING | Script

Viscosity Menu Icon Packs, Two-Factor Scripts, & OpenVPN Config Tool

Ro Bin-Wan Känobi

Posts: 1
Joined: Sat Jan 28, 2023 4:29 am

Post by Ro Bin-Wan Känobi » Sat Jan 28, 2023 5:39 am
Hi,
as long time user of this awesome openvpn app, I've developed a script to make my live easier.
Sometimes the password to login to OpenVPN Server is secured with a tailing otp "StaticPassword+OPT" , but many implementations take the OTP in a separat promt after the password (what may be saved at your keychain!

This script will ask you for the OTP and adds it behind your static password to be provided as one string!


viscosity-otp-script.png
screenshot viscosity-otp-scrips.scpt
viscosity-otp-script.png (66.37 KiB) Viewed 29543 times

Result: "mysecretpassword124365" -> CONNECT (or hit ENTER) ONLINE

This scrips is using your static password, asking for your OTP to type in and then provides this as a whole string to the login prompt of Viscosity!
Format: StaticPassword+OPT = "mysecretpassword124365"

Note: The password must be provided to the script in cleartext, making it less secure. So store it in a save place on your machine! This can be improved!

How to use:
- use ScriptEditor,Text editor or IDE you like and replace:
- MYUSERNAME
- MYPASSWORD

- SAVE as viscosity-otp-script.scpt ( the ending .scpt is important!)
- ADD the script to your OpenVPN configuration as "Before Connect Script"
( right click your (imported) OpenVPN configuration -> EDIT -> Advanced -> "Before Connect Script" | Select ... ) | SAVE

Now when you connect to your OpenVPN Server, a new dialog will pop up and ask you to provide the OTP!

CONNECT | ENTER = connects you to VPN
close = close the dialog only
quit = quits Viscosity app

Note: quit option was implemented because sometimes the handover of pw+otp can fail. MacOS will prompt the Keychain dialog instead. Then you have to quit and restart Viscosity. If this happens, DO NOT SAVE - it will leave you a faulty entry on your Mac what has to be removed. It usually can happen after connection timeout, network change (switch wifi or such things)).
Code: Select all
tell application "Viscosity"
	set username to "MYUSERNAME"
	set staticPassword to "MYPASSWORD"
	
	try
		set response to display dialog "please put the OTP TOKEN here" default answer "" with title (system attribute "displayName") with icon note buttons {"CONNECT", "close", "quit"} default button "CONNECT"
		if button returned of response is "CONNECT" then
			return "userpass " & username & " " & staticPassword & (text returned of response)
		end if
		
		if button returned of response is "quit" then
			tell application "Viscosity"
				quit
			end tell
		end if
	end try
	
	return "ViscosityNoConnect"
end tell

James

User avatar
Posts: 2312
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Wed Feb 01, 2023 5:21 am
Hi Ro Bin-Wan Känobi,

Thanks for your contribution - we always appreciate people taking the time to write up scripts or guides for the forum.

I also recommend taking a look at the "static-challenge-password" command, which should also implement what you're trying to do:
https://www.sparklabs.com/support/kb/ar ... e-password

Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs
2 posts Page 1 of 1