Rupesh_M
May 09, 2014

OTP generation on F5 and sending to Clickatell for two factor authentication

Hi,

We are trying to configure the F5 OTP as a two factor authentication with the below details: Partition used for VPN - 2, SMS Gateway - Clickatell. I have referred to the document mentioned by Jason Rahm for Clickatell integration with F5. The document is very useful. But we are getting the below error in the report: "HTTP module: authentication with 'XXXXXXXXX' failed: Curl perform failed: Couldn't connect to server (7)" Where XXXXXXXXX is showing the mobile number which is mentioned in AD.

Can someone help me understand the possible reasons for this?

Thanks, Rupesh

17 Replies

  • kunjan

    Can you test from cmd line using curl to check if you have connectivity issue to SMS gateway server?

    • Rupesh_M
      Thanks Kunjan, I have already tried curl command and getting SMS, it's working fine.
  • kunjan

    But do you still have issue when triggered thru APM? If yes, can you do packet capture assuming the SMS gateway is on HTTP?

    If you are using Route Domain, it won't work.

    May also want to check if "Successful Logon Detection Match Value" is obtained in the response if managed to reach the gateway.

    • Rupesh_M
      Thanks Kunjan, we are using route domain for VPN. Is there any workaround to make OTP SMS successful with route domain no 2?
  • kunjan

    APM will initiate the traffic from the RD0. Are you able to route the traffic to internet thru RD0?

    • Rupesh_M
      I have tried creating HTTP profile in Common partition that is route domain 0, it didn't work. However, in this case if traffic will get initiated with RD0, then I need to make reachability and allow access from SIP IP of RD0. I will try this option and update you on this.
  • kunjan

    It's not about the partition, it's about the RD it is in.

    The other option is to do a layered approach for RD2. But I think if you can route thru RD0, that will be simpler. Just curious, how does your DNS traffic go currently?

    • Rupesh_M
      Hi Kunjan, Thanks for your reply. It's working now. SMS are getting delivered using SIP of RD0. It uses RD0 SIP for communication with SMS gateway.
  • I have a similar problem with the provider textbelt.com, where the curl command fails this way:

    curl: (7) Failed to connect to 2400:cb00:2048:1::681c:146b: Network is unreachable

    Same from the BIGIP command line.

    Someone got a clue?