[strongSwan] DUO TOTP and Strongswan

Noel Kuntze noel at familie-kuntze.de
Thu Mar 9 17:27:15 CET 2017


That one's easy
https://wiki.strongswan.org/projects/strongswan/wiki/EapRadius#Multiple-rounds

On 09.03.2017 16:09, Alex Sharaz wrote:
> Would certainly like to hear if anyone has managed it using IKEv1 and XAUTH.
> 
> A
> 
> On 9 March 2017 at 11:54, Alex Sharaz <alex.sharaz at york.ac.uk> wrote:
> 
>     O.K. Was wondering because on our Juniper box a user logs on using their normal credentials using the Pulse Secure app and then gets prompted for the TOTP info afterwards.
>     Rgds
>     Alex
> 
> 
>     On 9 March 2017 at 11:47, Noel Kuntze <noel at familie-kuntze.de> wrote:
> 
>         Please make sure to always have the list in CC or TO, as well as the actual recipient.
> 
>         I'm not aware of any feature of any client that enables it to support OTP and password auth at the same time.
>         Maybe other people know. With XAUTH, it is easy, because there's a feature for that that enables IKE responders
>         to specify several form fields in the user interface. Maybe some other person knows how to do that
>         and how to implement it in IKEv2.
> 
>         On 09.03.2017 12:32, Alex Sharaz wrote:
>         > ikev2
>         >
>         >
>         > On 9 March 2017 at 11:31, Noel Kuntze <noel at familie-kuntze.de> wrote:
>         >
>         >     Implement it on the RADIUS in the EAP method? Do you use xauth-eap with eap-radius or do you use IKEv2?
>         >
>         >     On 09.03.2017 10:25, Alex Sharaz wrote:
>         >     > Probably too generic a question, but has anyone integrated a strongSwan VPN service with the DUO Mobile Time-based One-Time Password (TOTP) feature?
>         >     >
>         >     > Ideally want
>         >     >
>         >     > 1). X.509 cert to identify our VPN service to client
>         >     > 2). use eap-radius method for IKEv2 connections for user auth
>         >     > 3). TOTP on top of that
>         >     >  1 & 2 work just fine, just need to figure out how to do (3)
>         >     >
>         >     > Rgds
>         >     > Alex
>         >
>         >     --
>         >
>         >     Mit freundlichen Grüßen/Kind Regards,
>         >     Noel Kuntze
>         >
>         >     GPG Key ID: 0x63EC6658
>         >     Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
>         >
>         >
>         >

-- 

Mit freundlichen Grüßen/Kind Regards,
Noel Kuntze

GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658

