Autofill OTP on Tunnelblick.md

Autofill OpenVPN OTP

On MacOS with Tunnelblick.

brew install oath-toolkit
mkdir ~/Documents/my-vpn.tblk
cp ~/Downloads/profile.ovpn ~/Documents/my-vpn.tblk/
printf "#!/bin/bash\n/usr/local/bin/oathtool --totp -b -d 6 {OTP_KEY_HERE}" > ~/Documents/my-vpn.tblk/static-challenge-response.user.sh
chmod +x ~/Documents/my-vpn.tblk/static-challenge-response.user.sh

• Replace {OTP_KEY_HERE} with the actual TOTP key.
• Replace profile.ovpn with the actual OpenVPN connection profile.
• To install Tunnelblick profile, drag the my-vpn.tblk from Finder, to the Tunelblick status icon on the taskbar

Addtional notes

Once the .ovpn config is installed, Tunnelblick stores it at:

/Library/Application Support/Tunnelblick/Shared/MYCONFIGNAME.tblk/Contents/Resources/config.ovpn

Put static-challenge-response.user.sh in the same folder if already installed

Google Athenticator

To extract the OTP secret from Google Authenticator, follow the instructions at https://github.com/dim13/otpauth or https://github.com/digitalduke/otpauth-migration-decoder

To read the otpauth-migration link from the QRcode image exported from GAuthenticator use zbarimg from https://github.com/mchehab/zbar

Notes

Original version from https://gist.github.com/vlastikcz/50445200f840b71cf908076fb9a845d0

For instance:

# pwd
/Library/Application Support/Tunnelblick/Shared/my-vpn.tblk/Contents/Resources

# ls -l
-rwx------ 1 root wheel 17390 Aug 10  2021 config.ovpn
-rwxr-xr-x 1 root wheel    68 Feb 14 18:27 static-challenge-response.user.sh

# cat static-challenge-response.user.sh
#!/bin/bash
/usr/local/bin/oathtool --totp -b -d 6 QR_CODE_HERE