19.1 Legacy Series / Windows 10 IKEv2 Road Warrior & LDAP + Timebased One Time Password
« on: May 20, 2019, 10:06:53 pm »
I've been scouring the documentation and other forum posts for some time now but I haven't found an answer to my question, so I'm posting here.
I am attempting to set up IKEv2 mobile VPN (road warrior) using the native Windows 10 VPN client, in conjunction with the LDAP + Timebased One Time Password authentication option. I believe I am experiencing issues with authentication due to the way MSCHAPv2 handles authentication and that it is inherently not capable of doing a plain password comparison. Has anyone gotten this combination (IKEv2 + Windows 10 native client + LDAP/Timebased OTP) to work? If so, what authentication method/settings did you use to accomplish this?
Before recommending using OpenVPN, please understand that I need a solution that can utilize the 'start before logon' feature of Windows where a user can connect to the VPN prior to logging in so that any Active Directory policies can apply, as well as checking password expiration with Active Directory, etc. There are not currently any OpenVPN clients capable of start before logon that I'm aware of, so if you're aware of any I'd be more than happy to entertain those options.
Thank you in advance for your assistance.