Title of the Procedure: Setting up MFA for DrayTek VPN with Android
Objective/Goal: To add an extra layer of security when accessing the VPN through the Multifactor Authentication
Overview of Process: The OTP Authenticator app will be set up to generate an mOTP then create an SSL VPN profile on the router with mOTP authentication. After that the SSL VPN profile in the SmartVPN client needs to be created. Lastly, connecting and using a VPN with mOTP two-factor authentication.
PROCEDURE 1: Generating the mOTP secret using the OTP Autheticator app
1. Download and install the OTP Authenticator app on your mobile/tablet device. The app is readily available to any iOS device.
NOTE: This app has an OS limitation. If you are an android user, you may not find it in Google Play Store. Please use this link to install the application to your mobile device, OTP Authenticator App (APK file) in case your search results are fruitless.
2. This step is for android users ONLY. After downloading the APK file, it is time to install the app in your device. When you click on the file from your downloads folder, a pop-out message will appear stating that letting this application in your device might put it at risk for data loss. Select Continue for this step then, choose Install.
Rest assured that the APK file is safe because it has been sourced from the app developer’s website. Your device should also be able to read this file as secured.
3. Open the app. Set the language to English.
4. Click Create a Profile. Choose Standard Algorithm. You will then be prompted by the app of the following step which is profile creation. In addition, it also provides an information about how the app works. Hit Ok, got it. Let’s start!.
5. Use LA-VPN as its profile name. Select Numeric (only 4 digits) for the PIN type. For the OTP Security, select keep generating. Pick Secret among the three Generation Method options then, key in the characters as follows 1234567890987654. Hit Save Profile after setting your profile up. You will now be taken to another page to review your profile, if all details are correct click on Finish.
Note: Each time you open the OTP Authenticator app, it will ask for a 4-digit PIN. That is how you will get the password to enter the Smart VPN Client application which will be discussed in the second procedure. Please use combination 4321 for this step.
PROCEDURE 2: Connecting and Using a VPN with mOTP Two-Factor Authentication
1. Go back to your computer and open DrayTek Smart VPN Client app. Click Profiles on the left side then, edit the existing profile.
2. Once you click Edit, make sure that the settings are like this:
3. Go back to Connection, set the active profile to the one we edited then, click connect.
4. Once you hit the Connect button, it will ask for a username and password.
- · Username: Your first name
- · To generate the password, follow these steps:
- 1 Go back to the OTP Authenticator app on your phone then open the profile you created.
- 2 Enter 4321 on the pin, hit New OTP after. It will then display the six-hex digit (0-9 & a-f, all lower case) one-time password.Note: The circle acts as a timer - once the timer completes, the one-time password will no longer be valid, and a new password will need to be generated with the correct PIN code.
5. Use the generated OTP as your password on the DrayTek Smart VPN Client application. Click OK.
Note: This password will also be stored but will be invalid after the VPN tunnel has connected, so it will be re-entered every time the VPN is connected.
6. Use the generated OTP as your password on the DrayTek Smart VPN Client application. Click OK.
7. Once the VPN successfully connects, the Smart VPN Client will minimise into the Windows System Tray and display a connection status notification in Windows:
8. Double-click the green system tray icon to display the Smart VPN Client. Alternatively, right click the Smart VPN Client system tray icon for quick access to connect/disconnect & statistics options:
9. Expanding the Smart VPN will show the connection status, clicking the Disconnect button will drop the VPN tunnel: