# Connecting to Your VPN While In-Flight

So about two and a half months ago, I configured 2FA for our Meraki VPN service. ([Check out the write-up if you want to](https://hashnode.brandonscloud.com/duo-authentication-proxy-securing-our-meraki-vpn-with-2fa)) Works well and I slept a little better at night knowing that my remote users had secure access to the corporate network.

A common question I get is “How do I connect to the VPN while I am traveling, and only have registered my laptop to the airplane Wi-Fi? Paying for a second device (mobile phone) to access the in-flight Wi-Fi would be costly.”  

*That is a good question!* Unlike me, some people do like to get work done during a long flight. And we all know how *not* secure in-flight Wi-Fi is. In-Flight Wi-Fi connections are essentially the same public Wi-Fi hotspots that are used on the ground. Even paying for access does not mean your device is safe. 

 As a rule of thumb, **using a VPN connection is always recommended while conducting work activities on your laptop, especially from public Wi-Fi networks and hotspots.** Just because you’re in the air, doesn’t mean that your data can’t be stolen.

Also, the reliability of these connections is also not guaranteed. In-flight Wi-Fi from 30,000 feet still must travel through multiple routers and connections before it gets to its destination. To see how In-Flight Wi-Fi works, [check out this article from Reader’s Digest](https://www.rd.com/article/wifi-on-planes/).  

### So what can we do?

Even with your phone in Airplane mode, you can still authenticate with the Duo Mobile app using a [Mobile Passcode](https://duo.com/product/multi-factor-authentication-mfa/authentication-methods/tokens-and-passcodes). This works anywhere, even in places where you don't have an internet connection or can't get cell service.

I then remember that [Two-Factor Authentication for Meraki Client VPN](https://duo.com/docs/meraki-radius) supports push, phone call, or passcode authentication for desktop and mobile client connections.  *Perfect! I may have a solution!*

### How do we fix it?

On the Duo Mobile App, the user will need to tap the down indicator on the Duo-Protected Account to get a one-time passcode for login.

![Duo Down Indicator and PIN location ](https://cdn.hashnode.com/res/hashnode/image/upload/v1628904161903/nTqSpSO4v.png)

Then when the user logs in to their VPN connection, the user will append (add to the end of) their password a comma followed by the six-digit passcode generated in their Duo Mobile app. For example:


```username: bob```

```password: hunter2,123456``` 

These passcodes are for one-time use only. If a user cannot connect using the current mobile passcode on the Duo Mobile App, they will have to press the blue circular arrows and regenerate a mobile passcode. Then the user will enter that new passcode after the comma that is appended to their password.


![Regenerating a new Duo Passcode](https://cdn.hashnode.com/res/hashnode/image/upload/v1628904557801/l-Pgx3Unk.png)

Although I have not tested this out on a flight, I did simulate by putting my phone on "airplane" mode and connecting to my corporate VPN using the passcode that was generated in the Duo Mobile app. 

I was able to get the instructions out to my users today.  So fingers crossed that it works for them!

Thanks for reading!

**SIDE NOTE....**  Duo Security just rolled out their new [online learning platform](https://levelup.duo.com/).  It's free to Duo customers and has a few certification paths. I have gone through most of the material and I have been learning a lot about the various options there are.  As a Duo Administrator, I thought it was awesome. Needless to say, I am a big fan of Duo Security.

![Duo Certifications](https://cdn.hashnode.com/res/hashnode/image/upload/v1628906053941/X0Zu64Z0G.png)

 
