about summary refs log tree commit diff
diff options
context:
space:
mode:
-rw-r--r--README.md33
1 files changed, 33 insertions, 0 deletions
diff --git a/README.md b/README.md
new file mode 100644
index 000000000000..95e53115dcf0
--- /dev/null
+++ b/README.md
@@ -0,0 +1,33 @@
+Watchblob - WatchGuard VPN on Linux
+===================================
+
+This tiny helper tool makes it possible to use WatchGuard / Firebox / <<whatever
+they are actually called>> VPNs that use multi-factor authentication on Linux.
+
+Rather than using OpenVPN's built-in dynamic challenge/response protocol, WatchGuard
+has opted for a separate implementation negotiating credentials outside of the
+OpenVPN protocol, which makes it impossible to start those connections solely by
+using the `openvpn` CLI and configuration files.
+
+What this application does has been reverse-engineered from the "WatchGuard Mobile VPN
+with SSL" application on OS X. A writeup of the protocol and the security implications
+will be linked here in the future.
+
+## Installation
+
+Make sure you have Go installed and `GOPATH` configured, then simply
+`go get github.com/tazjin/watchblob`.
+
+## Usage
+
+Right now the usage is very simple. Make sure you have the correct OpenVPN client
+config ready (this is normally supplied by the WatchGuard UI) simply run:
+
+```
+watchblob vpnserver.somedomain.org username p4ssw0rd
+```
+
+The server responds with a challenge which is displayed to the user, wait until you
+receive the SMS code or whatever and enter it. `watchblob` then completes the
+credential negotiation and you may proceed to log in with OpenVPN using your username
+and *the OTP token* (**not**  your password) as credentials.