Dimitri Papadopoulos Orfanos

Any way, what's the second password, a one-time password different from the first password? Have you tried option `--otp`?

Indeed external helper programs with SUID set may help limit the part of the code that runs as root. I think that's what _FortiClient_ does. Of course external helper programs...

@zez3 Indeed using `sudo` sounds interesting, yet I'm not certain what you have in mind exactly. Could you please help me get a clearer view? Please note that what is...

Actually _openfortivpn_ should not **always** let _ppp_ modify routing and name resolution parameters for multiple reasons: * _ppp_ cannot handle part of the name resolution stuff: search domains, split DNS,...

@zez3 Please do post your findings on macOS in #428. It might be worth delving into _pppd_read()_ and _pppd_write()_: lots of things happen in there, including calling HDLC routines -...

@dwmw2 Thank you for the hint about [`vpnc-script`](https://gitlab.com/openconnect/vpnc-scripts/-/blob/master/vpnc-script). Does the script really work with most Linux distributions? It does seem worth integrating it - but I really don't have much...

That's exactly what [vpnc-scripts](https://gitlab.com/openconnect/vpnc-scripts) does: get information DNS and IP routes pushed by the server from the calling program. There are multiple ways to achieve that: * a file, *...

Additionally, the routing and DNS suggestions sent by the VPN server are parsed and known by openfortivpn, before even establishing the PPP tunnel. Most of the routing and DNS changes...

It is true that `pppd` is able to change DNS parameters on its own. This can lead to surprising bugs when both `openfortivpn` and `pppd` attempt to change these parameters....

Ideally, we would also get rid of `pppd` altogether, and replace it with PPP code embedded in `openfortivpn` associated to a tun device, as suggested in https://github.com/adrienverge/openfortivpn/issues/650#issuecomment-624511604.