OpenVPN 2.x recently added support for extending the --static-challenge option with a third argument (scrv1 or concat) to specify whether the password and response should be concatenated or use the SCRV1 protocol (default: scrv1).
This allows simpler handling of password+response in some server-side scripts/plugins that expect plain concatenation instead of the SCRV1-formatted string.
OpenVPN3 currently supports --static-challenge with only two arguments (challenge text and echo flag), but lacks this third argument for format selection.
OpenVPN/openvpn@6f6a0f3
https://gerrit.openvpn.net/c/openvpn/+/665
https://patchwork.openvpn.net/project/openvpn2/patch/20240719131407.75746-1-frank@lichtenheld.com/#6530
OpenVPN/openvpn-gui#663
Example Usage
--static-challenge "Enter OTP:" 0 concat
This would prompt for the challenge response without echo and concatenate it directly with the password.
Why Needed
- Compatibility with servers expecting concatenation behavior.
- Parity with upstream OpenVPN features for easier migration.
OpenVPN 2.x recently added support for extending the
--static-challengeoption with a third argument (scrv1 or concat) to specify whether the password and response should be concatenated or use the SCRV1 protocol (default: scrv1).This allows simpler handling of password+response in some server-side scripts/plugins that expect plain concatenation instead of the SCRV1-formatted string.
OpenVPN3 currently supports
--static-challengewith only two arguments (challenge text and echo flag), but lacks this third argument for format selection.OpenVPN/openvpn@6f6a0f3
https://gerrit.openvpn.net/c/openvpn/+/665
https://patchwork.openvpn.net/project/openvpn2/patch/20240719131407.75746-1-frank@lichtenheld.com/#6530
OpenVPN/openvpn-gui#663
Example Usage
This would prompt for the challenge response without echo and concatenate it directly with the password.
Why Needed