IKEv2 VPN clients and 2FA
Markus Winkler
ml at irmawi.de
Wed Nov 16 15:20:34 UTC 2022
Hi Brian,
On 14.11.22 15:43, Brian Julin wrote:
> Instead, launch the 2FA query during RADIUS authentication, and bring up the IPSec tunnel but filter
> all packets with iptables. Then when the 2FA is approved, alter the iptables rules to allow access.
Nice idea, thank you. :-)
But I think in the end
> Throwing 2FA with its own set of timeouts and protocol failure points into the fray of establishing
> an IPSec-RA connection is IMO just asking for a claptrap of hard-to-diagnose problems.
you're right: too many possible problems. I really need a robust solution.
Let's see.
Regards,
Markus
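
Added example, not part of the thread: a sketch of the "bring the tunnel up but filter until 2FA is approved" idea quoted above, using an ipset of approved client addresses in front of a default DROP. The pool, the set name, the TTL and the `gate_*` function names are assumptions made for this illustration. Nothing here comes from FreeRADIUS or any VPN product.

```shell
#!/bin/sh
# Constructed values: pool, set name and TTL are assumptions for this sketch.
POOL=10.10.0.0/24      # virtual-IP pool handed to VPN clients
SET=vpn_2fa_ok         # ipset of client IPs whose 2FA was approved
TTL=28800              # approval expires after 8 h even if revoke is missed

# Print commands by default; set DRY_RUN=0 (as root) to apply them.
run() { if [ "${DRY_RUN:-1}" = 1 ]; then echo "$*"; else "$@"; fi; }

# Strict dotted-quad check, in a subshell so the IFS change stays local.
valid_ipv4() (
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
    IFS=.; set -- $1
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do [ ${#o} -le 3 ] && [ "$o" -le 255 ] || exit 1; done
)

# Run once at boot: tunnel traffic from the pool is dropped unless approved.
gate_setup() {
    run ipset create "$SET" hash:ip timeout "$TTL" -exist
    run iptables -N VPN_2FA
    run iptables -A VPN_2FA -m set --match-set "$SET" src -j ACCEPT
    run iptables -A VPN_2FA -j DROP
    for chain in FORWARD INPUT; do
        run iptables -I "$chain" -s "$POOL" -m policy --dir in --pol ipsec -j VPN_2FA
    done
}

# Call when the 2FA provider reports approval for the client's virtual IP.
gate_approve() {
    valid_ipv4 "$1" || { echo "refusing address: $1" >&2; return 1; }
    run ipset add "$SET" "$1" -exist
}

# Call on tunnel teardown so a reassigned IP does not inherit the approval.
gate_revoke() {
    valid_ipv4 "$1" || { echo "refusing address: $1" >&2; return 1; }
    run ipset del "$SET" "$1" -exist
}
```

The revoke step and the set timeout are the parts most easily forgotten: without them an approval outlives the session and applies to whichever client is next assigned the same virtual IP.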
More information about the Freeradius-Users mailing list