Issue
For Mobile VPN with SSL, AuthPoint authentication fails in Android OpenVPN v3.4.0 (9755) when the Firebox resource in AuthPoint is configured to use the OTP authentication method.
Workaround/Solution
Configure the authentication policy for the Firebox resource in AuthPoint to use only the password and push authentication methods (not OTP).
If you need to use OTP authentication for the VPN, you have three options:
Downgrade Android OpenVPN to v3.3.0.Use a RADIUS client resource (instead of a Firebox resource) for AuthPoint MFA. For detailed steps to configure a RADIUS client resource for your VPN, see the Configure AuthPoint MFA for Firebox Mobile VPN with SSL (Fireware v12.6.x and Lower) section of Firebox Mobile VPN with SSL Integration with AuthPoint.Move your OpenVPN users to a new AuthPoint group, then create a new authentication policy for the OpenVPN users and the Firebox resource with only the password and push authentication methods. With this setup, OpenVPN users have an authentication policy that requires the password and push authentication methods, and you can have a second authentication policy for users that need OTP authentication and do not use OpenVPN. If you sync users from Active Directory, this requires you to create a new OpenVPN user group in Active Directory and a new AuthPoint group sync to sync those users.
