I am trying to use Draytek Smart VPN on an Android to connect to my 2680 with a motp. I have SSL vpn enabled and the user created etc.

I am trying DroidOTP for the motp app as I saw some references on this form. Any other recommendations?

At present, whatever I try with motp enabled, I just get authentication failed. If I just set a password instead of motp, all is well. So just the motp part the issue.

I have check the time on my phone and the router. I have tried a 16 and 32 character secrets. What length should the secret be please?

thanks

I have this working and am using a 32 character secret in the app and on the router. I generated the secret in the app and copied that into the router field.
You need to make sure the router is using an NTP source and is updating regularly due to the time critical nature of the generated code - the phone should be doing that anyway off the mobile network. Click the inquire time on your router and see if the time jumps to indicate it has had to make an adjustment. Check the timezone configured on your router. It is worth persevering for the additional security it provides.

One more thing - make sure when you test it from the phone you are only using your phones mobile network or a wifi network that is not yours i.e. not trying to connect remotely to the network you are connected to locally.

fryr wrote: I have this working and am using a 32 character secret in the app and on the router. I generated the secret in the app and copied that into the router field.
You need to make sure the router is using an NTP source and is updating regularly due to the time critical nature of the generated code - the phone should be doing that anyway off the mobile network. Click the inquire time on your router and see if the time jumps to indicate it has had to make an adjustment. Check the timezone configured on your router. It is worth persevering for the additional security it provides.

One more thing - make sure when you test it from the phone you are only using your phones mobile network or a wifi network that is not yours i.e. not trying to connect remotely to the network you are connected to locally.

Thanks for the reply, I have run out of fresh ideas myself.

However I think I have covered off most of what you suggest:
I am testing with my phone on 4G (mobile network)
Router is getting time from an NTP. GMT with daylight saving enabled. I have clicked inquire to ensure up to date.
Phone is getting time from the mobile network. In DroidOTP (the motp app I am using) I can see the time between phone and router about 9 seconds out, which the app has a correction for so you can dial them in. This I have have tried with with many variations of offset.
I have tried 4 digit pins and 7 digit pins. I have tried 16 character secrets and 32 character secrets.


What motp app are you using please? Is that a 4 digit pin with the 32 character secret?

Thanks again.

@ fryr - are you using the Smart VPN app on Android or native VPN connectivity?


What I have discovered is that my motp config works fine with L2TP/IPSEC (AES) connections from both Windows and Android clients. This is with a four digit pin and a 16 character secret (as this was the last combo I tried). It is just the Android Smart VPN app that is not working with motp for me.

I am using Android 7.0 and Smart VPN 1.0.9.

I am not sure I have an audience, but for anyone following, the penny has dropped! :idea:

My error was this:
Without realising, I was using both the SmartVPN built in OTP generator AND a separate OTP app. I can after extensive testing tell you beyond doubt this does not work! :lol:

If using a separate motp generator (like the excellent DroidOTP), DO NOT enter the secret into the Smart VPN app. If you do enter your secret into the Smart VPN app, you do not need a separate motp app and you enter your pin (not a generated password) as the password.

A silly mistake now I see what I had done. However the smart VPN app for Android not document. It was only a combination of realising this was wrong and the Windows Smart VPN documentation that confirmed it.