How to use mOTP generated by Smart VPN Client to build

How to use mOTP generated by Smart VPN Client to build
VPN Tunnel
I. What is OTP and mobile-OTP
OTP (One-Time Password) is also named dynamic password with the feature of non-repeatability
and validness just for one time. It uses more secure way to authenticate the data, named Two-factors.
For the password will be changed all the time, it can avoid hackers or someone who interests to steal
the account and password and then result in severe information security issue.
mibile-OTP is a free-charge resolution with Strong Authentication. It can generate OTP by using
the mobile device (e.g., cell phone or PDA), USB disk, card or Token. Such resolution can visit
router, firewall, network server or build VPN Tunnel based on time synchronization and one-time
password. Refer to the following graphic for overall information.
II. How to apply mOTP to SSL VPN Tunnel
There are two methods to create dynamic password. One is created via mobile device (e.g., cell
phone); the other is created by using Smart VPN Client.
1. VPN client must type username, pin code and secret number for authentication made by Vigor
router.
2. Use Smart VPN Client to finish relational dial-in settings for remote dial-in profile. Later,
proceed to carry out remote VPN dial-in procedure.
3. Vigor router will carry out the VPN dialing authentication. When it passes the authentication, it
means that Remote Dial-in VPN is established successfully.
Note: For setting mOTP via mobile device, please refer to the section of How to apply mOTP to
SSL VPN Tunnel (take iPhone as an example) in Support>>Application Note>>VPN.
1
III. Example
In accordance to the above method, below shows an example by using Vigor2950. The user proceeds
Smart VPN Client connection by using Smart VPN Client as mOTP token.
A. System Configuration in Vigor Router
1. Log in the web configurator of Vigor2950 and choose System Maintenance>> Time and Date.
2. Choose Time Zone and make sure Current System time. Click OK to save it.
B. SSL VPN Configuration in Vigor Router
1. Open VPN and Remote Access>>Remote Dial-in User.
2. Click any of the index numbers to add a new remote dial-in account.
3. Check Enable this account, and check PPTP as the allowed dial-in type.
4. Type the Username (in this case, it is draytek)。
5. Check Enable Mobile One-Time Passwords (mOTP).
2
6. Type the PIN Code (in this case, it is 1234).
7. Use the 32 digit-secret number generated by mOTP in Smart VPN Client (in this case, it is
151b15172ea84f1d39351fb6 284a1af5, refer to section C steps 1-5)。
8. Click OK to save the configuration.
C. mOTP Operation in Smart VPN Client
1. Run Draytek Smart VPN Client. Click Insert to add a new VPN profile.
2. You can see the following screen.
3
3. Type the profile name for such VPN (in this case, it is Motp) and the VPN server IP address (in
this case, it is 114.37.161.182)。
4. Type the User Name (in this case, it is draytek) and check Enable Mobile one time password
(mOTP).
5. Press the button of Configure Secret for mOTP to generate the secrete number. In this case,
Automatically generate secret is selected. It will generate a 32-digit secret number
automatically. Next, click Generate.
4
6. A 32-digit secret number is generated randomly. Please click Copy. Fill this number in the field
of Secret in VPN and Remote Access>>Remote Dial-In User profile (refer to refer to section
B, steps 7)
7. Choose the type of VPN (in this case, it is PPTP) and choose Require Encryption.
8. Choose MS-CHAP v2 as Authentication method. Next, click OK to return to previous page.
9. After finishing Smart VPN Client configuration, click Connect to proceed the remote-dial in
connection.
10. 輸入 Useranme 及 pin code,此範例為 draytek 以及 1234。
5
D. Status of Remote VPN Dial-In Connection
Log in the web configurator of Vigor2950 and open VPN and Remote Access>>Connection
management. Check if the VPN connection is connected successfully or not.
6
Open as PDF
Similar pages