TOTPRadius VPN Portal - Client Authentication flow

No special VPN client installation is required for VPN Portal-based authentication to function, although we have released a special VPN helper app to simplify the user experience and make the process as fast as possible; one click will be enough to establish a VPN link. The VPN Portal will support systems relying on standard VPN protocols (LT2TP and L2TP/IPSec), such as Meraki Client VPN and Fortinet VPN solutions. 

The data flow diagram below illustrate the principle of the VPN Portal

User logs in to a web interface where several files are generated. The user chooses to download a file named username.t2vpn and double-clicks on it (in some browsers it is possible to configure to "always open the file of this type" - this will save an extra click). If installed, our VPN Helper app (T2VPN) launches, parses the t2vpn file, extracts the  VPN info (host, connection type, username and password) and initiates VPN connection. Once the connection is successful, the t2vpn file is removed for security purposes. Here is how the process looks like under Windows 10:

A similar helper app also exists for MacOS, with the only difference: creating a VPN entry requires admin password (which is not a requirement with Windows). The video below shows the process of using OAuth2 based VPN login under MacOS using T2VPN Helper app:

---

Using T2VPN app is optional, there are possibilities to use a batch file for Windows, or .mobileconfig files for iOS and MacOS machines - however executing these options require additional user actions.