[strongSwan] DUO TOTP and Strongswan

Alex Sharaz alex.sharaz at york.ac.uk
Thu Mar 9 12:54:36 CET 2017


o.k. Was wondering because on our Juniper box a user logs on using their
normal credentials using the pulse secure app and then gets prompted for
the TOTP info afterwards.
Rgds
Alex


On 9 March 2017 at 11:47, Noel Kuntze <noel at familie-kuntze.de> wrote:

> Please make sure to always have the list in CC or TO, as well as the
> actual recipient.
>
> I'm not aware of any feature of any client that enables it to support OTP
> and password auth at the same time.
> Maybe other people know. With XAUTH, it is easy, because there's a feature
> for that that enables IKE responders
> to specify several form fields in the user interface. Maybe some other
> person knows how to do that
> and how to implement it in IKEv2.
>
> On 09.03.2017 12:32, Alex Sharaz wrote:
> > ikev2
> >
> >
> > On 9 March 2017 at 11:31, Noel Kuntze <noel at familie-kuntze.de <mailto:
> noel at familie-kuntze.de>> wrote:
> >
> >     Implement it on the RADIUS in the EAP method? Do you use xauth-eap
> with eap-radius or do you use IKEv2?
> >
> >     On 09.03.2017 10:25, Alex Sharaz wrote:
> >     > Probably too generic a question but has anyone integrated   a
> StronghSwan VPN service with the DUO Mobile TimeBase One Time Password
> (TOTP) feature?
> >     >
> >     > Ideally want
> >     >
> >     > 1). x.509 cert to identify our VPN service  to client
> >     > 2). use eap-radius method for ikev2 connections for user auth
> >     > 3). TOTP on top of that
> >     >  1 & 2 work just fine, just need to figure out how to do (3)
> >     >
> >     > Rgds
> >     > Alex
> >     >
> >     >
> >     >
> >     >
> >     >
> >     > _______________________________________________
> >     > Users mailing list
> >     > Users at lists.strongswan.org <mailto:Users at lists.strongswan.org>
> >     > https://lists.strongswan.org/mailman/listinfo/users <
> https://lists.strongswan.org/mailman/listinfo/users>
> >     >
> >
> >     --
> >
> >     Mit freundlichen Grüßen/Kind Regards,
> >     Noel Kuntze
> >
> >     GPG Key ID: 0x63EC6658
> >     Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
> >
> >
> >
>
> --
>
> Mit freundlichen Grüßen/Kind Regards,
> Noel Kuntze
>
> GPG Key ID: 0x63EC6658
> Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20170309/fbe55272/attachment-0001.html>


More information about the Users mailing list