On MacOS with Tunnelblick.
brew install oath-toolkit
mkdir ~/Documents/my-vpn.tblk
cp ~/Downloads/profile.ovpn ~/Documents/my-vpn.tblk/
printf "#!/bin/bash\n/usr/local/bin/oathtool --totp -b -d 6 {OTP_KEY_HERE}" > ~/Documents/my-vpn.tblk/static-challenge-response.user.sh
chmod +x ~/Documents/my-vpn.tblk/static-challenge-response.user.sh
- Replace {OTP_KEY_HERE} with the actual TOTP key.
- Replace
profile.ovpn
with the actual OpenVPN connection profile. - To install Tunnelblick profile, drag the
my-vpn.tblk
from Finder, to the Tunelblick status icon on the taskbar
Once the .ovpn config is installed, Tunnelblick stores it at:
/Library/Application Support/Tunnelblick/Shared/MYCONFIGNAME.tblk/Contents/Resources/config.ovpn
Put static-challenge-response.user.sh
in the same folder if already installed
To extract the OTP secret from Google Authenticator, follow the instructions at https://github.com/dim13/otpauth or https://github.com/digitalduke/otpauth-migration-decoder
To read the otpauth-migration link from the QRcode image exported from GAuthenticator use zbarimg
from https://github.com/mchehab/zbar
Original version from https://gist.github.com/vlastikcz/50445200f840b71cf908076fb9a845d0
For instance: