...
- Username: From the drop-down menu, select the name of the user account created in step 3.5.
Hash algorithm: From the drop-down menu, select the option SHA-256. If your authenticator app does not support the hash algorithm SHA256, you can use SHA1.
- Time step: This parameter is the interval after which a new OTP token is generated. Leave the setting at the default value of 30 seconds.
- Network delay: This parameter specifies the number of time steps by which the clock of the end device with the authenticator app may deviate from the time of the router. The router then also checks the OTPs before and after. Leave this setting at the default value of 1 (i.e. OTPs are checked 30 seconds before and after).
- Secret: Enter a 16-digit password. This should contain capital letters and numbers between 2 - 7 only (see RFC3548). The password is encoded in Base32 and shared with the authenticator.
- Issuer: Enter a descriptive name for the issuer (in this example LANCOM-OTP).
- Number digits: Leave the setting at the default value of 6 characters.
...
| Hinweis |
|---|
The Hash algorithm SHA256 is currently not supported by some older Android devices and the Microsoft Authenticator. In this case please use SHA1. If the Google Authenticator is used, the Secret must have at least 16-digits, as otherwise the scan of the QR code will fail. |
4) Exporting the CA certificate from the LANCOM router and importing it into the Advanced VPN Client:
...