[strongSwan] DUO TOTP and Strongswan

Noel Kuntze noel at familie-kuntze.de
Thu Mar 9 12:47:10 CET 2017


Please make sure to always have the list in CC or TO, as well as the actual recipient.

I'm not aware of any feature of any client that enables it to support OTP and password auth at the same time.
Maybe other people know. With XAUTH, it is easy, because there's a feature for that that enables IKE responders
to specify several form fields in the user interface. Maybe some other person knows how to do that
and how to implement it in IKEv2.

On 09.03.2017 12:32, Alex Sharaz wrote:
> ikev2
> 
> 
> On 9 March 2017 at 11:31, Noel Kuntze <noel at familie-kuntze.de <mailto:noel at familie-kuntze.de>> wrote:
> 
>     Implement it on the RADIUS in the EAP method? Do you use xauth-eap with eap-radius or do you use IKEv2?
> 
>     On 09.03.2017 10:25, Alex Sharaz wrote:
>     > Probably too generic a question but has anyone integrated   a StronghSwan VPN service with the DUO Mobile TimeBase One Time Password (TOTP) feature?
>     >
>     > Ideally want
>     >
>     > 1). x.509 cert to identify our VPN service  to client
>     > 2). use eap-radius method for ikev2 connections for user auth
>     > 3). TOTP on top of that
>     >  1 & 2 work just fine, just need to figure out how to do (3)
>     >
>     > Rgds
>     > Alex
>     >
>     >
>     >
>     >
>     >
>     > _______________________________________________
>     > Users mailing list
>     > Users at lists.strongswan.org <mailto:Users at lists.strongswan.org>
>     > https://lists.strongswan.org/mailman/listinfo/users <https://lists.strongswan.org/mailman/listinfo/users>
>     >
> 
>     --
> 
>     Mit freundlichen Grüßen/Kind Regards,
>     Noel Kuntze
> 
>     GPG Key ID: 0x63EC6658
>     Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
> 
> 
> 

-- 

Mit freundlichen Grüßen/Kind Regards,
Noel Kuntze

GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 866 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20170309/53f1bf73/attachment.sig>


More information about the Users mailing list