Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
IPSEC user auth with local user and 2FA
« previous
next »
Print
Pages: [
1
]
Author
Topic: IPSEC user auth with local user and 2FA (Read 2981 times)
kapara
Jr. Member
Posts: 97
Karma: 3
IPSEC user auth with local user and 2FA
«
on:
September 01, 2019, 11:46:59 pm »
Is it possible to create local access users with 2FA for mobile vpn access?
Logged
mimugmail
Hero Member
Posts: 6766
Karma: 494
Re: IPSEC user auth with local user and 2FA
«
Reply #1 on:
September 02, 2019, 05:54:55 am »
No, only with OpenVPN
Logged
WWW:
www.routerperformance.net
Support plans:
https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German):
https://opnsense.max-it.de/
franco
Administrator
Hero Member
Posts: 17661
Karma: 1611
Re: IPSEC user auth with local user and 2FA
«
Reply #2 on:
September 03, 2019, 09:38:38 am »
Huh, why not? It uses the same authentication system.
Cheers,
Franco
Logged
mimugmail
Hero Member
Posts: 6766
Karma: 494
Re: IPSEC user auth with local user and 2FA
«
Reply #3 on:
September 03, 2019, 10:22:48 am »
- EAP-MSCHAP requires the usage of eap keys -> no 2FA
- EAP-RADIUS would work, but FreeRadius plugin only work wir local users and has no hook for 2FA server
Logged
WWW:
www.routerperformance.net
Support plans:
https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German):
https://opnsense.max-it.de/
kapara
Jr. Member
Posts: 97
Karma: 3
Re: IPSEC user auth with local user and 2FA
«
Reply #4 on:
September 04, 2019, 12:53:38 am »
I created a new server Local + Time based one time password (Not Preshared Keys) with EAP-MSCHAP and specified that database in Mobile clients but it did not work. Only the preshared keys seem to work.
Really too bad this does not work as it makes the 2fa only good for securing firewall management and not vpn though the documentation states it can be used with IPSEC.
There is no instruction however on how to get this working. If this is possible It would be great to know how to make it work.
«
Last Edit: September 04, 2019, 12:57:18 am by kapara
»
Logged
mimugmail
Hero Member
Posts: 6766
Karma: 494
Re: IPSEC user auth with local user and 2FA
«
Reply #5 on:
September 04, 2019, 07:16:59 am »
Maybe with old IKEv1 and cisco-like groups, never tested it. With OpenVPN no big deal
Logged
WWW:
www.routerperformance.net
Support plans:
https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German):
https://opnsense.max-it.de/
kapara
Jr. Member
Posts: 97
Karma: 3
Re: IPSEC user auth with local user and 2FA
«
Reply #6 on:
September 05, 2019, 08:50:19 pm »
Franco,
Any feedback as to this?
Logged
mimugmail
Hero Member
Posts: 6766
Karma: 494
Re: IPSEC user auth with local user and 2FA
«
Reply #7 on:
September 05, 2019, 08:55:58 pm »
There *might* be a chance that it works with legacy IKEv1, just give it a try, with IKEv2 no chance
Logged
WWW:
www.routerperformance.net
Support plans:
https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German):
https://opnsense.max-it.de/
kapara
Jr. Member
Posts: 97
Karma: 3
Re: IPSEC user auth with local user and 2FA
«
Reply #8 on:
September 05, 2019, 09:19:24 pm »
The problem is I am using Native windows. I don't think IKEv1 works with native windows.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
IPSEC user auth with local user and 2FA