[strongSwan] DUO TOTP and Strongswan
Alex Sharaz
alex.sharaz at york.ac.uk
Thu Mar 9 17:43:53 CET 2017
many thanks,
found that page :-))
A
On 9 March 2017 at 16:27, Noel Kuntze <noel at familie-kuntze.de> wrote:
> That one's easy
> https://wiki.strongswan.org/projects/strongswan/wiki/
> EapRadius#Multiple-rounds
>
> On 09.03.2017 16:09, Alex Sharaz wrote:
> > Would certainly like to hear if anyone has managed it using ikev1 and
> XAUTH
> >
> > A
> >
> > On 9 March 2017 at 11:54, Alex Sharaz <alex.sharaz at york.ac.uk <mailto:
> alex.sharaz at york.ac.uk>> wrote:
> >
> > o.k. Was wondering because on our Juniper box a user logs on using
> their normal credentials using the pulse secure app and then gets prompted
> for the TOTP info afterwards.
> > Rgds
> > Alex
> >
> >
> > On 9 March 2017 at 11:47, Noel Kuntze <noel at familie-kuntze.de
> <mailto:noel at familie-kuntze.de>> wrote:
> >
> > Please make sure to always have the list in CC or TO, as well as
> the actual recipient.
> >
> > I'm not aware of any feature of any client that enables it to
> support OTP and password auth at the same time.
> > Maybe other people know. With XAUTH, it is easy, because there's
> a feature for that that enables IKE responders
> > to specify several form fields in the user interface. Maybe some
> other person knows how to do that
> > and how to implement it in IKEv2.
> >
> > On 09.03.2017 12:32, Alex Sharaz wrote:
> > > ikev2
> > >
> > >
> > > On 9 March 2017 at 11:31, Noel Kuntze <noel at familie-kuntze.de
> <mailto:noel at familie-kuntze.de> <mailto:noel at familie-kuntze.de <mailto:
> noel at familie-kuntze.de>>> wrote:
> > >
> > > Implement it on the RADIUS in the EAP method? Do you use
> xauth-eap with eap-radius or do you use IKEv2?
> > >
> > > On 09.03.2017 10:25, Alex Sharaz wrote:
> > > > Probably too generic a question but has anyone
> integrated a StronghSwan VPN service with the DUO Mobile TimeBase One
> Time Password (TOTP) feature?
> > > >
> > > > Ideally want
> > > >
> > > > 1). x.509 cert to identify our VPN service to client
> > > > 2). use eap-radius method for ikev2 connections for user
> auth
> > > > 3). TOTP on top of that
> > > > 1 & 2 work just fine, just need to figure out how to do
> (3)
> > > >
> > > > Rgds
> > > > Alex
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > _______________________________________________
> > > > Users mailing list
> > > > Users at lists.strongswan.org <mailto:Users at lists.
> strongswan.org> <mailto:Users at lists.strongswan.org <mailto:Users at lists.
> strongswan.org>>
> > > > https://lists.strongswan.org/mailman/listinfo/users <
> https://lists.strongswan.org/mailman/listinfo/users> <
> https://lists.strongswan.org/mailman/listinfo/users <
> https://lists.strongswan.org/mailman/listinfo/users>>
> > > >
> > >
> > > --
> > >
> > > Mit freundlichen Grüßen/Kind Regards,
> > > Noel Kuntze
> > >
> > > GPG Key ID: 0x63EC6658
> > > Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC
> 6658
> > >
> > >
> > >
> >
> > --
> >
> > Mit freundlichen Grüßen/Kind Regards,
> > Noel Kuntze
> >
> > GPG Key ID: 0x63EC6658
> > Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
> >
> >
> >
> >
>
> --
>
> Mit freundlichen Grüßen/Kind Regards,
> Noel Kuntze
>
> GPG Key ID: 0x63EC6658
> Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20170309/63a25c58/attachment-0001.html>
More information about the Users
mailing list