Re: The issue with DynamicID

PhongNN · ‎2020-02-17

Hi everybody

I am trying to configure Remote Access with DynamicID on R80.10 GW

I have a URL from SMS server Team to perform GET method to SMS server like this:

http://x.x.x.x:8083/VPNOTP/http/sendmsg?api_id=$APIID&user=vpnotp&password=xxx&to=0901441294&text=TestVPN

When i paste that link to a browser, i get an OTP code to my phone number

But when I run curl_cli on GW, the SMS server return to 505 Internal Error

I tried to capture packet, and I saw all field after "api_id=" was missing when run curl_cli

Is it due to a link error or is it because I incorrectly executed the syntax?

Thank you so much

G_W_Albrecht · ‎2020-02-17

sk160112: 'Dynamic Id authentication failed' error message while trying to connect to Mobile Access ...

sk109435: SMS with DynamicID verification code does not arrive after user successfully authenticated...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

PhongNN · ‎2020-02-17

Both 2 sk do not help me in this case 😄

Thank you

AndresMunoz · ‎2020-06-08

Hey buddy,

Did you solve it?

PhongNN · ‎2020-06-09

Hi Andres

Yes, I solve this case

I put links in quotes and I can run curl_cli normally

Note: In R80.x Check Point have integrated new I/S for DynamicID.
As part of this change, we have decided to verify the server reply, and as part of it, we are not accepting HTTP 500 replies.
This change was done for security and better code flow decisions. Because of this, with many case upgrade from R77 to R80.x, DynamicID cannot work

Thanks

MartinTzvetanov · ‎2020-06-10

I faced a problem with DynamicID at a customer. The SMS provider serves the api on http and https, but https works only with certificate. I had a case with CheckPoint regarding the situation and they said that the problem is in the certificate. I found a configuration file where you explicitly configure not to check the certificate (the same -k option you enter with curl/curl_cli) but it didn't work.

Anybody faced the same issue?

AndresMunoz · ‎2020-06-10

Hey Martin.

Did you modify this file? $CVPNDIR/bin/sendsms

Regards,

MartinTzvetanov · ‎2020-06-10

Hey,

I found this and change it following the document:

Maybe you mean to replace "${args[@]}" directly with -k ?

send_sms() {
$FWDIR/bin/curl_cli "${args[@]}" -D - -o /dev/null -s --disable-crl-check

henry_shih · ‎2021-07-10

We are in the process of selecting a SMS provider. Can you tell me who your SMS provider is?

Thanks.

Ruan_Kotze · ‎2021-07-10

Not OP - but I use Clickatell in my labs and demos and it works well.

henry_shih · ‎2021-07-10

Please see the attached file, what is the correct information (format and syntax) you put into the SMS settings field?

In check Point Admin. Guide, they have two examples. (not working at all). We would like to learn the correct configuration to put in.

a) To let the DynamicID code to be delivered by SMS only, use the following syntax:
https://api.example.com/http/sendmsg?api_id=$APIID&user=$USERNAME&password=$PASSWORD&to=$PHONE&text=...

c) To let the DynamicID code to be delivered by SMS or email, use the following syntax:
sms:https://api.example.com/sendsms.php?username=$USERNAME&password=$PASSWORD&phone=$PHONE&smstext=$MESS... mail:TO=$EMAIL;SMTPSERVER=smtp.example.com;FROM=sslvpn@example.com;BODY=$RAWMESSAGE

Ruan_Kotze · ‎2021-07-11

This is my Clickatell SMS string. The x's in the string is my API key:

https://platform.clickatell.com/messages/http/send?apiKey=xxxxxxxxxxxxxx&to=$PHONE&content=$MESSAGE

Are you a member of CheckMates?

The issue with DynamicID