Security code support (TOTP)

[SorianoMarmol]

Hello,

First, I would like to thank you for your work and effort; tunblkctl is really useful.

In my case, the VPN requires an additional security code (TOTP). I would like to know if it is possible to pass it to the client via command, so as not to enter it manually.

Thank you very much!

[azhuchkov]

Hello!

Thanks for the kind words! Well, the tool doesn't support it right away, and I suppose will not support, since it raises a security concern.

But you still can implement something like that (some AppleScript knowledge may be required). Also you may find Tunnelblick hooks mechanism useful: https://superuser.com/questions/1201961/tunnelblick-mac-scripts

[SorianoMarmol]

Thank you very much!
Due to work reasons, I've been forced to use a Mac, but I'm still in a Linux mindset.

In this case, I have a function in my zshrc to obtain the TOTP using the OnePassword CLI and then launch tunblkctl, so it's not too dramatic.

function get_vpn_totp() {
    echo "getting pass from op & sleeping 3 seconds"
    TOTP=$(op item get MyVPN --totp)
    echo $TOTP | pbcopy
    echo "TOTP is: $TOTP"
    $(tunblkctl connect --wait client)
    echo "ok"
}

Hence the question, in case the parameter could be added.

I think what I have is sufficient, but I will consider what you've mentioned ;)

You can close the issue if you see fit :D