<div dir="ltr">many thanks,<div>found that page :-))</div><div>A</div></div><div class="gmail_extra"><br><div class="gmail_quote">On 9 March 2017 at 16:27, Noel Kuntze <span dir="ltr"><<a href="mailto:noel@familie-kuntze.de" target="_blank">noel@familie-kuntze.de</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">That one's easy<br>
<a href="https://wiki.strongswan.org/projects/strongswan/wiki/EapRadius#Multiple-rounds" rel="noreferrer" target="_blank">https://wiki.strongswan.org/<wbr>projects/strongswan/wiki/<wbr>EapRadius#Multiple-rounds</a><br>
<span class=""><br>
On 09.03.2017 16:09, Alex Sharaz wrote:<br>
> Would certainly like to hear if anyone has managed it using ikev1 and XAUTH<br>
><br>
> A<br>
><br>
</span><span class="">> On 9 March 2017 at 11:54, Alex Sharaz <<a href="mailto:alex.sharaz@york.ac.uk">alex.sharaz@york.ac.uk</a> <mailto:<a href="mailto:alex.sharaz@york.ac.uk">alex.sharaz@york.ac.uk</a><wbr>>> wrote:<br>
><br>
> o.k. Was wondering because on our Juniper box a user logs on using their normal credentials using the pulse secure app and then gets prompted for the TOTP info afterwards.<br>
> Rgds<br>
> Alex<br>
><br>
><br>
</span><span class="">> On 9 March 2017 at 11:47, Noel Kuntze <<a href="mailto:noel@familie-kuntze.de">noel@familie-kuntze.de</a> <mailto:<a href="mailto:noel@familie-kuntze.de">noel@familie-kuntze.de</a><wbr>>> wrote:<br>
><br>
> Please make sure to always have the list in CC or TO, as well as the actual recipient.<br>
><br>
> I'm not aware of any feature of any client that enables it to support OTP and password auth at the same time.<br>
> Maybe other people know. With XAUTH, it is easy, because there's a feature for that that enables IKE responders<br>
> to specify several form fields in the user interface. Maybe some other person knows how to do that<br>
> and how to implement it in IKEv2.<br>
><br>
> On 09.03.2017 12:32, Alex Sharaz wrote:<br>
> > ikev2<br>
> ><br>
> ><br>
</span><span class="">> > On 9 March 2017 at 11:31, Noel Kuntze <<a href="mailto:noel@familie-kuntze.de">noel@familie-kuntze.de</a> <mailto:<a href="mailto:noel@familie-kuntze.de">noel@familie-kuntze.de</a><wbr>> <mailto:<a href="mailto:noel@familie-kuntze.de">noel@familie-kuntze.de</a> <mailto:<a href="mailto:noel@familie-kuntze.de">noel@familie-kuntze.de</a><wbr>>>> wrote:<br>
> ><br>
> > Implement it on the RADIUS in the EAP method? Do you use xauth-eap with eap-radius or do you use IKEv2?<br>
> ><br>
> > On 09.03.2017 10:25, Alex Sharaz wrote:<br>
> > > Probably too generic a question but has anyone integrated a StronghSwan VPN service with the DUO Mobile TimeBase One Time Password (TOTP) feature?<br>
> > ><br>
> > > Ideally want<br>
> > ><br>
> > > 1). x.509 cert to identify our VPN service to client<br>
> > > 2). use eap-radius method for ikev2 connections for user auth<br>
> > > 3). TOTP on top of that<br>
> > > 1 & 2 work just fine, just need to figure out how to do (3)<br>
> > ><br>
> > > Rgds<br>
> > > Alex<br>
> > ><br>
> > ><br>
> > ><br>
> > ><br>
> > ><br>
> > > ______________________________<wbr>_________________<br>
> > > Users mailing list<br>
</span>> > > <a href="mailto:Users@lists.strongswan.org">Users@lists.strongswan.org</a> <mailto:<a href="mailto:Users@lists.strongswan.org">Users@lists.<wbr>strongswan.org</a>> <mailto:<a href="mailto:Users@lists.strongswan.org">Users@lists.<wbr>strongswan.org</a> <mailto:<a href="mailto:Users@lists.strongswan.org">Users@lists.<wbr>strongswan.org</a>>><br>
> > > <a href="https://lists.strongswan.org/mailman/listinfo/users" rel="noreferrer" target="_blank">https://lists.strongswan.org/<wbr>mailman/listinfo/users</a> <<a href="https://lists.strongswan.org/mailman/listinfo/users" rel="noreferrer" target="_blank">https://lists.strongswan.org/<wbr>mailman/listinfo/users</a>> <<a href="https://lists.strongswan.org/mailman/listinfo/users" rel="noreferrer" target="_blank">https://lists.strongswan.org/<wbr>mailman/listinfo/users</a> <<a href="https://lists.strongswan.org/mailman/listinfo/users" rel="noreferrer" target="_blank">https://lists.strongswan.org/<wbr>mailman/listinfo/users</a>>><br>
<div class="HOEnZb"><div class="h5">> > ><br>
> ><br>
> > --<br>
> ><br>
> > Mit freundlichen Grüßen/Kind Regards,<br>
> > Noel Kuntze<br>
> ><br>
> > GPG Key ID: 0x63EC6658<br>
> > Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658<br>
> ><br>
> ><br>
> ><br>
><br>
> --<br>
><br>
> Mit freundlichen Grüßen/Kind Regards,<br>
> Noel Kuntze<br>
><br>
> GPG Key ID: 0x63EC6658<br>
> Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658<br>
><br>
><br>
><br>
><br>
<br>
--<br>
<br>
Mit freundlichen Grüßen/Kind Regards,<br>
Noel Kuntze<br>
<br>
GPG Key ID: 0x63EC6658<br>
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658<br>
<br>
<br>
</div></div></blockquote></div><br></div>