Viscosity, Sophos XG SSL VPN, 2FA

Got a problem with Viscosity or need help? Ask here!


Posts: 1
Joined: Sat Jun 11, 2022 12:25 am

Post by cwo » Sat Jun 11, 2022 12:34 am

I tried to enable 2FA in my Sophos XG for SSL VPN access. The 2FA has to be entered in this way:
for example:
Is it possible to get this with Viscosity done? The option mentioned within the Knowledge Base
static-challenge "Enter Auth Code" 0
does not do it the way, XG expected it.

Thank you and regards,



User avatar
Posts: 2173
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Wed Jun 15, 2022 8:19 am
Hi Christian,

The latest beta version supports this, however I'm afraid we don't have any publicly available documentation for it yet. However it's fairly straight forward: simply add the advanced command below to your connection and then try connecting. For your connection something like
Code: Select all
#viscosity static-challenge-password "Enter Auth Code"
should work. ... n-commands
Syntax #viscosity static-challenge-password text [delimiter]

Specifies that Viscosity should separately prompt for a two-factor credential (such as a one-time password or PIN) and append this credential to the password sent to the server. The user will be prompted using the "text" parameter. If a delimiter (such as a special character) should be automatically added between the password and the two-factor credential, it can be optionally specified as the "delimiter" parameter. This command is designed to be used with servers using legacy authentication scripts (instead of modern challenge support) where the server expects both user's password and two-factor credential are combined. For example #viscosity static-challenge-password "Please enter your one time password" or #viscosity static-challenge-password "Please enter your one time password" "+".
For information on how to update to a beta version please see: ... -versions/

We'll have full documentation available upon full release of version 1.10.3.

James Bekkema
Viscosity Developer

2 posts Page 1 of 1