16 Nov
2022
16 Nov
'22
10:20 a.m.
Hi Brian, On 14.11.22 15:43, Brian Julin wrote:
Instead, launch the 2FA query during RADIUS authentication, and bring up the IPSec tunnel but filter all packets with iptables. Then when the 2FA is approved, alter the iptables rules to allow access.
nice idea, thank you. :-) But I think in the end
Throwing 2FA with its own set of timeouts and protocol failure points into the fray of establishing an IPSec-RA connection is IMO just asking for a claptrap of hard-to-diagnose problems.
you're right: too many possible problems. I really need a robust solution. Let's see. Regards, Markus