[strongSwan] DUO TOTP and Strongswan

Alex Sharaz alex.sharaz at york.ac.uk
Thu Mar 9 16:09:33 CET 2017 

Would certainly like to hear if anyone has managed it using ikev1 and XAUTH

A

On 9 March 2017 at 11:54, Alex Sharaz <alex.sharaz at york.ac.uk> wrote:

> o.k. Was wondering because on our Juniper box a user logs on using their
> normal credentials using the pulse secure app and then gets prompted for
> the TOTP info afterwards.
> Rgds
> Alex
>
>
> On 9 March 2017 at 11:47, Noel Kuntze <noel at familie-kuntze.de> wrote:
>
>> Please make sure to always have the list in CC or TO, as well as the
>> actual recipient.
>>
>> I'm not aware of any feature of any client that enables it to support OTP
>> and password auth at the same time.
>> Maybe other people know. With XAUTH, it is easy, because there's a
>> feature for that that enables IKE responders
>> to specify several form fields in the user interface. Maybe some other
>> person knows how to do that
>> and how to implement it in IKEv2.
>>
>> On 09.03.2017 12:32, Alex Sharaz wrote:
>> > ikev2
>> >
>> >
>> > On 9 March 2017 at 11:31, Noel Kuntze <noel at familie-kuntze.de <mailto:
>> noel at familie-kuntze.de>> wrote:
>> >
>> >     Implement it on the RADIUS in the EAP method? Do you use xauth-eap
>> with eap-radius or do you use IKEv2?
>> >
>> >     On 09.03.2017 10:25, Alex Sharaz wrote:
>> >     > Probably too generic a question but has anyone integrated   a
>> StronghSwan VPN service with the DUO Mobile TimeBase One Time Password
>> (TOTP) feature?
>> >     >
>> >     > Ideally want
>> >     >
>> >     > 1). x.509 cert to identify our VPN service  to client
>> >     > 2). use eap-radius method for ikev2 connections for user auth
>> >     > 3). TOTP on top of that
>> >     >  1 & 2 work just fine, just need to figure out how to do (3)
>> >     >
>> >     > Rgds
>> >     > Alex
>> >     >
>> >     >
>> >     >
>> >     >
>> >     >
>> >     > _______________________________________________
>> >     > Users mailing list
>> >     > Users at lists.strongswan.org <mailto:Users at lists.strongswan.org>
>> >     > https://lists.strongswan.org/mailman/listinfo/users <
>> https://lists.strongswan.org/mailman/listinfo/users>
>> >     >
>> >
>> >     --
>> >
>> >     Mit freundlichen Grüßen/Kind Regards,
>> >     Noel Kuntze
>> >
>> >     GPG Key ID: 0x63EC6658
>> >     Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
>> >
>> >
>> >
>>
>> --
>>
>> Mit freundlichen Grüßen/Kind Regards,
>> Noel Kuntze
>>
>> GPG Key ID: 0x63EC6658
>> Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
>>
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20170309/d558ef51/attachment.html>

More information about the Users mailing list