Backlog

Pause for OTP Timeout

Hi all!
We are happily using RDM with VPN sessions and OTP added to passwords in credential lists.
Could it be possible to create a delay option to wait for an amount of time before sec. 30 or sec. 00? OTPs change every half minute exactly.

I currently use this script in all my OTP connections as a work-around:

$OTPWait = 5 # Number of seconds to start VPN client and fill credentials.
While ($true) {
    $OTPSecCheck = (Get-Date).Second
    if (($OTPSecCheck -ge 0 -and $OTPSecCheck -le (30 - $OTPWait)) -or ($OTPSecCheck -ge (31) -and $OTPSecCheck -le (60 - $OTPWait))) {
        Write-Host "OTP Check - Sec: $OTPSecCheck, within range, continue." -Foregroundcolor Green
        break
    } else {
        Start-Sleep -Seconds 1
        Write-Host "OTP Check - Sec: $OTPSecCheck, wait for 0-$(30 - $OTPWait) or 31-$(60 - $OTPWait) sec." -Foregroundcolor Yellow
    }
}
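
A more general form of the work-around above, as an added example that is not part of the original post or of RDM: it measures the time left in the current OTP window from Unix time instead of the wall-clock second, so it also covers periods other than 30 seconds. The function names `Get-TotpSecondsRemaining` and `Wait-TotpWindow` and their parameters are hypothetical.

```powershell
# Added example, not from the thread. Function and parameter names are hypothetical.
function Get-TotpSecondsRemaining {
    param(
        [int]$Period = 30,                                # TOTP time step in seconds
        [DateTimeOffset]$Now = [DateTimeOffset]::UtcNow   # injectable for testing
    )
    # TOTP windows are counted from the Unix epoch, so the position inside the
    # current window is (Unix time mod Period), independent of the time zone.
    $elapsed = $Now.ToUnixTimeSeconds() % $Period
    return [int]($Period - $elapsed)                      # value in 1..$Period
}

function Wait-TotpWindow {
    param(
        [int]$MinRemaining = 5,   # seconds needed to start the VPN client and fill credentials
        [int]$Period = 30
    )
    if ($MinRemaining -lt 0 -or $MinRemaining -ge $Period) {
        throw "MinRemaining ($MinRemaining) must be between 0 and Period - 1 ($($Period - 1))."
    }
    # Loop instead of a single sleep, so an early wake-up cannot leave us
    # at the very end of the old window.
    while (($remaining = Get-TotpSecondsRemaining -Period $Period) -lt $MinRemaining) {
        Write-Host "OTP Check - $remaining s left in window, waiting for the next code." -ForegroundColor Yellow
        Start-Sleep -Seconds $remaining
    }
    Write-Host "OTP Check - $remaining s left in window, continue." -ForegroundColor Green
    return $remaining
}

# Usage in a "Before Open" event script (same placement as the script above):
Wait-TotpWindow -MinRemaining 5 | Out-Null
```

The result is only as good as the local clock: the machine generating the code has to be time-synchronized with the system that verifies it.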

All Comments (9)

Hello,

Could you give us more information on how you've configured the OTP to be sent in your VPN? I want to understand the context to be sure what we think of as a solution would work.

Regards,

Hubert Mireault

I have got a Password List with several user names, passwords and OTP keys.
Within the VPN entry, I've selected "Linked (Vault)" as credentials and specified the Password List entry.

The mentioned PowerShell script is added to the VPN entry, as an event "Before Open".

Does this answer your question, or do you want me to create some dummy sessions and export them?

Sander

Hello,

Thank you for the information. I think we could add a setting to wait to generate the OTP if it's within a configurable time of being reset, similar to what your script does. I could see it being configurable under the "usage" setting:


If this would work for you, we'll open an internal ticket.

Regards,

Hubert Mireault

Yes, looks like a good one! And this would be for all entries linkable to an OTP right? Then yes please!

Exactly, this would be available on any entry with the "One time password" section in its setting (which is most entry types). Perfect, we'll open a ticket.
At the moment I can't give you an estimate on when we will be able to work on this as we're focusing on other roadmap items.

Regards,

Hubert Mireault

Hi, I think we are asking for the same thing. I am told it's on the roadmap but not a high priority until more customers request it.
https://forum.devolutions.net/topics/40707/otp-issue-with-vpn-session

Thanks
Iain

Version 2025.3.23.0 64-bit
Data Source SQL

Hello,

These seem like two different requests to me:

  • In the current thread, we want RDM to wait to generate the OTP code if it's close to needing to be regenerated. The rest of the behavior for sending the OTP, from what I understand, is satisfactory
  • In the other thread, we want RDM to add the "expected prompt" feature for VPNs. This would allow RDM to only send commands when the VPN is expecting that information, for example sending the username at the correct prompt, then the password, then the OTP


Both of these could be used jointly when implemented, for similar scenarios. But from the development perspective, those are two distinct features that can bring value to the application individually.
Let me know if I misunderstood either request.

Regards,

Hubert Mireault

Apologies, re-reading the post, you are quite correct!

Thanks
Iain

Version 2025.3.23.0 64-bit
Data Source SQL

No problem! I'd rather confirm I understood both scenarios properly so we don't work on something that won't help your workflow. 🙂

Regards,

Hubert Mireault