How to apply mOTP to SSL VPN Tunnel (take iPhone as an
example)
I. What is OTP and mobile-OTP
An OTP (One-Time Password), also called a dynamic password, is non-repeatable and valid for one use only. It provides a more secure form of authentication known as two-factor authentication. Because the password changes all the time, it helps prevent attackers from stealing the account and password and causing a severe information security issue.
mobile-OTP is a free solution for strong authentication. It can generate an OTP using a mobile device (e.g., cell phone or PDA), USB disk, card or token. With this solution, users can access a router, firewall or network server, or build a VPN tunnel, based on time synchronization and a one-time password.
Refer to the following graphic for overall information.
II. How to apply mOTP to SSL VPN Tunnel
1. First, load the OTP program onto the mobile device to serve as the mOTP token. Taking the iPhone as an example, you can download the free mOTP application from the iTunes App Store. For other cell phones / smartphones that support JavaApplet, visit the Mobile One-Time Password website (http://motp.sourceforge.net/) to download MobileOTP.jar and MobileOTP.jad, and load them onto the cell phone / smartphone. Refer to the following graphic.
2. The VPN client must enter the username and one-time password (OTP) to be authenticated by the Vigor router.
3. Open the SSL VPN dial screen and choose Active-X/JavaApplet (depending on the browser in use) to start the SSL VPN connection.
4. The Vigor router carries out the SSL VPN dial-in authentication. If authentication passes, the SSL VPN is established successfully.
III. Example
Following the method above, the example below uses a Vigor2950. The user establishes the SSL VPN connection using an iPhone as the mOTP token.
A. System Configuration in Vigor Router
1. Log in to the web configurator of the Vigor2950 and choose System Maintenance >> Time and Date.
2. Choose the Time Zone and make sure the Current System time is correct. Click OK to save.
3. Open System Maintenance >> Management.
4. Check the boxes Allow management from the internet and HTTPS Server to enable the related services. Then press OK.
B. SSL VPN Configuration in Vigor Router
1. Open SSL VPN >> General Setup.
2. Check that the SSL VPN port number is correct and select the Encryption Key Algorithm. Then click OK.
3. Open SSL VPN >> User Account. Click an index number to add a new SSL VPN dial-in account.
4. Check the box Enable this account and check the box SSL Tunnel.
5. Type the Username (in this case, it is Test).
6. Check the box of Enable Mobile One-Time Passwords (mOTP).
7. Type the PIN Code (in this case, it is 1234).
8. Use the 32-digit secret number generated by mOTP on the iPhone (in this case, it is
e759bb6f0e94c7ab4fe689ebf00c5202; refer to section C, steps 1-3).
9. Type the number “e759bb6f0e94c7ab4fe689ebf00c5202” in the field of Secret. Click OK to save
the configuration.
C. mOTP Operation in iPhone
Generate Secret Number (refer to the following graphics from left to right)
1. Open mOTP on the iPhone and select Setting. A prompt screen will appear. Click OK.
2. Click Generate Secret.
3. The iPhone will randomly generate a 32-digit secret number. This is the number to type in the Secret field of the Vigor2950 SSL VPN >> User Account configuration.
Generate One-time-password
1. Type the PIN code. Use the number defined in section B, step 7 (in this case, it is 1234).
2. The iPhone will create a 6-digit one-time password randomly. This password is valid and can be used one time only.
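The relationship between the secret, the PIN and the router clock set in section A can be seen in a short sketch. This is an added example, not code from DrayTek or the mOTP app: it follows the publicly documented Mobile-OTP scheme (the first six hexadecimal characters of the MD5 hash of the 10-second time step, the secret and the PIN), using the example secret and PIN from section B. The `MotpVerifier` class, its 180-second tolerance and its replay cache are assumptions made for illustration, not the Vigor router's documented behaviour.

```python
import hashlib
import hmac

STEP = 10                                      # mOTP time step in seconds
SECRET = "e759bb6f0e94c7ab4fe689ebf00c5202"    # example secret from section B
PIN = "1234"                                   # example PIN from section B

def motp(secret_hex, pin, epoch):
    """Mobile-OTP code: first 6 hex chars of MD5(time step + secret + PIN)."""
    counter = int(epoch) // STEP
    data = f"{counter}{secret_hex}{pin}".encode("ascii")
    return hashlib.md5(data).hexdigest()[:6]

class MotpVerifier:
    """Hypothetical server-side check; window and replay cache are assumptions."""

    def __init__(self, secret_hex, pin, window=180):
        self.secret_hex, self.pin, self.window = secret_hex, pin, window
        self.used_counters = set()             # time steps already accepted

    def verify(self, submitted, server_epoch):
        """Return the clock offset in seconds at which the code matched, else None."""
        submitted = submitted.strip().lower()
        if len(submitted) != 6 or any(c not in "0123456789abcdef" for c in submitted):
            return None                        # malformed input
        base = int(server_epoch) // STEP
        steps = self.window // STEP
        for delta in sorted(range(-steps, steps + 1), key=abs):
            expected = motp(self.secret_hex, self.pin, (base + delta) * STEP)
            if hmac.compare_digest(expected, submitted):
                if base + delta in self.used_counters:
                    return None                # replay of an accepted code
                self.used_counters.add(base + delta)
                return delta * STEP
        return None                            # wrong PIN/secret or clock too far off

if __name__ == "__main__":
    now = 1_700_000_000                        # constructed timestamp
    router = MotpVerifier(SECRET, PIN)
    code = motp(SECRET, PIN, now + 60)         # phone clock 60 s ahead
    print(code, router.verify(code, now))      # accepted, offset 60
    print(router.verify(code, now))            # None: replay rejected
    late = MotpVerifier(SECRET, PIN)
    print(late.verify(motp(SECRET, PIN, now), now + 3600))  # None: router clock 1 h off
```

A code computed with a clock outside the tolerance window never matches, which is why the time zone and system time check in section A comes before any mOTP account is configured.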
D. SSL VPN Remote Dial-in Configuration
1. Access the web configurator of the Vigor2950 remotely via HTTPS.
2. Type the Username (in this case, it is Test) and type the Password (the 6-digit one-time password
generated by iPhone).
3. Click the link of SSL VPN.
4. Choose the dial-in method for the SSL Tunnel. Active-X can be used by users of Microsoft IE 6/7/8. After choosing Run as ActiveX, click Connect.
JavaApplet can be used by users of Microsoft IE 6/7/8 and Firefox / Google Chrome. After choosing Run as JavaApplet, click Connect.
Note: If you choose JavaApplet to dial the SSL VPN connection, you have to turn off TLS 1.0 under Advanced \ Security in the JRE control panel for JRE 6.0 or newer.
5. After you press Connect, another window will pop up as follows. It shows whether the SSL VPN dial-in connection succeeded.