From 9056f15d8e96d05ec78d9a697e807f45a71f7900 Mon Sep 17 00:00:00 2001
From: Michael Blaschek <michael.blaschek@univie.ac.at>
Date: Fri, 24 Mar 2023 12:42:45 +0000
Subject: [PATCH] vpn update mfa

---
 SSH-VPN-VNC/VPN.md | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)

diff --git a/SSH-VPN-VNC/VPN.md b/SSH-VPN-VNC/VPN.md
index 4e2d85e..552c02e 100644
--- a/SSH-VPN-VNC/VPN.md
+++ b/SSH-VPN-VNC/VPN.md
@@ -12,18 +12,31 @@ Links:
 
  * [ZID-VPN](https://vpn.univie.ac.at/f5-w-68747470733a2f2f7a69642e756e697669652e61632e6174$$/vpn/)
  * Linux (Ubuntu, Generic), Windows, Mac: [VPN user guides](https://vpn.univie.ac.at/f5-w-68747470733a2f2f7a69642e756e697669652e61632e6174$$/vpn/anleitungen/)
- * Arch based AUR package [AUR f5fpc](https://aur.archlinux.org/packages/f5fpc/)
+ * ~~Arch based AUR package [AUR f5fpc](https://aur.archlinux.org/packages/f5fpc/)~~ broken. Download via `yay`, replace `.deb` with `.deb` from ZID. `makepkg --skipinteg -i`.
 
 Follow the install instructions for Windows, Mac and Linux and make sure the software works.
 
 ![](https://zid.univie.ac.at/fileadmin/user_upload/d_zid/zid-open/daten/datennetz/vpn/Windows/08_verbinden.png)
 
 On Windows and Mac you get a nice gui that requires you to fill in the VPN server: `vpn.univie.ac.at` and username and password from the `u:account`. On Linux execute the following:
-```
+
+```sh title="Big IP Edge Linux connection"
+# split tunnel
 f5fpc -s -t vpn.univie.ac.at -u [user]
+# full tunnel (everything)
+
 ```
 The status can be checked with `f5fpc --info`.
 
+## Using Multi-factor Authentification (MFA)
+
+When you enable MFA ([ZID-VPN-MFA](https://zid.univie.ac.at/en/vpn/#c41781)) on the [VPN login page](https://vpn.univie.ac.at), you will have to enter the TOTP (time-based one time password) during login:
+
+```sh title="Big IP Edge Linux connection usinf MFA"
+# using the TOTP code (6 digits)
+f5fpc -s -t vpn.univie.ac.at -u [user]@[TOTP]
+```
+
 ## Connect script
 
 One can use the commands above or use the [connect2vpn](connect2vpn) script to connect to the University VPN service. Especially in Linux the interface is much more primitive than on Mac or Windows.
@@ -35,4 +48,4 @@ $ connect2vpn [u:account username]
 [VPN] Full (1) or split (None) tunnel? (1/None):
 ```
 Continue and wait until you get a response that it's connected.
-The status stays visible. 
\ No newline at end of file
+The status stays visible. 
-- 
GitLab