DynChap provides an additional pseudo hardware token based authentication layer for PoPToP virtual private networks. The authentication uses the user's mobile phone to generate a hash that needs to be entered along with the user's password in a custom connection dialogue. Upon connecting, the VPN verifies the authenticity of the hash. The hash is generated from a serial (by default 32 printable characters) stored in the J2ME based mobile phone and the current time; the VPN server compares this hash against the serial and current time, minus or plus a small deviation (by default 2 minutes). If the username, password, and hash match, access is granted and the custom dialer is closed, the connection can now be controlled like an ordinary VPN connection.