Skip to content

Instantly share code, notes, and snippets.

@dangra
Last active June 19, 2024 20:24
Show Gist options
  • Save dangra/0aa6a551faa8402734064405dc19c0c8 to your computer and use it in GitHub Desktop.
Save dangra/0aa6a551faa8402734064405dc19c0c8 to your computer and use it in GitHub Desktop.

Autofill OpenVPN OTP

On MacOS with Tunnelblick.

brew install oath-toolkit
mkdir ~/Documents/my-vpn.tblk
cp ~/Downloads/profile.ovpn ~/Documents/my-vpn.tblk/
printf "#!/bin/bash\n/usr/local/bin/oathtool --totp -b -d 6 {OTP_KEY_HERE}" > ~/Documents/my-vpn.tblk/static-challenge-response.user.sh
chmod +x ~/Documents/my-vpn.tblk/static-challenge-response.user.sh
  • Replace {OTP_KEY_HERE} with the actual TOTP key.
  • Replace profile.ovpn with the actual OpenVPN connection profile.
  • To install Tunnelblick profile, drag the my-vpn.tblk from Finder, to the Tunelblick status icon on the taskbar

Addtional notes

Once the .ovpn config is installed, Tunnelblick stores it at:

/Library/Application Support/Tunnelblick/Shared/MYCONFIGNAME.tblk/Contents/Resources/config.ovpn

Put static-challenge-response.user.sh in the same folder if already installed

Google Athenticator

To extract the OTP secret from Google Authenticator, follow the instructions at https://github.com/dim13/otpauth or https://github.com/digitalduke/otpauth-migration-decoder

To read the otpauth-migration link from the QRcode image exported from GAuthenticator use zbarimg from https://github.com/mchehab/zbar

Notes

Original version from https://gist.github.com/vlastikcz/50445200f840b71cf908076fb9a845d0

@dangra
Copy link
Author

dangra commented Feb 14, 2022

For instance:

# pwd
/Library/Application Support/Tunnelblick/Shared/my-vpn.tblk/Contents/Resources

# ls -l
-rwx------ 1 root wheel 17390 Aug 10  2021 config.ovpn
-rwxr-xr-x 1 root wheel    68 Feb 14 18:27 static-challenge-response.user.sh

# cat static-challenge-response.user.sh
#!/bin/bash
/usr/local/bin/oathtool --totp -b -d 6 QR_CODE_HERE

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment