[strongSwan] Issues with StrongSwan Android client and Azure MFA

Chris Sherry smilinjoe at gmail.com
Mon Jan 14 20:39:33 CET 2019


Tobias,

So I have tried excluding Microsoft Authenticator from the VPN (with the
advanced settings), but I get the same result. On a whim I tried allowing
only Chrome to use the VPN. That allowed me to connect, but from Chrome I
couldn't get to any internal websites. Plus that really wouldn't be a
feasible solution as people are going to want to use many different (and
unknown to me) apps on the VPN. Is there another Android subsystem that
needs access as well besides the authenticator? The other piece that
complicates this is the MFA challenge comes from Azure, so I don't have a
simple network list to exclude from the tunnel.

I will keep looking.....

Chris.

On Mon, Jan 14, 2019 at 5:11 AM Tobias Brunner <tobias at strongswan.org>
wrote:

> Hi Chris,
>
> > So it
> > almost seems like the StrongSwan client is blocking traffic while the
> > VPN connection is being built (after phase 1).
>
> It does.  If there is an app or IP address that should bypass the VPN,
> configure it in the advanced VPN profile settings.
>
> Regards,
> Tobias
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20190114/3adfc2e1/attachment.html>


More information about the Users mailing list