Page 1 of 1

Prompted for MFA code every time computer resumes from sleep

Posted: Sat Dec 09, 2017 5:47 am
by connie_xdotai
Hi all,

I just deployed Viscosity in my company and we're using Google Authenticator for MFA. The users are reporting back that they are being prompted for MFA code too often, mainly every time they wake their computer up from sleep and/or they got dropped from wifi.

They could have just logged in successfully a minute ago, and if they shut their MBP lids by accident, then immediately reopen the computer, they will be prompted for a MFA code. From my user's point of view, and rightly so, is that this is unnecessary and hinders productivity.

We are currently using OpenVPN AS the latest version 2.1.12 as our VPN server. We tested the native openvpn client (that came bundled with the OpenVPN AS) to see if it will prompt for MFA code once resuming from sleep, and it seems like it is able to reconnect without prompting for another code.

From the native OpenVPN client logs, it seems that before computer goes to sleep it sends a PAUSE API call to the OpenVPN AS server, and upon waking up triggers a RESUME API call.

Is there a way we can get Viscosity to either prompt for MFA less often, or have Viscosity mimic this same behavior that OpenVPN client does?

Thanks, Connie

Re: Prompted for MFA code every time computer resumes from sleep

Posted: Mon Dec 11, 2017 11:37 am
by James
Hi Connie,

We’ve identified an issue that could cause a session token to not persist across sleeps and reachability disconnect/reconnects in some instances. Please give the latest beta version a try, which should resolve this, and let us know if you’re still stuck:
https://www.sparklabs.com/support/kb/ar ... -versions/

If your users are sleeping their computer for longer than 5 minutes (OpenVPN-AS’s default session timeout time) and you’d still like the session to resume you’ll need to adjust the "session token inactivity timeout" as documented at:
https://docs.openvpn.net/command-line/o ... ty_timeout

Cheers,
James