Re: Any One-Time password system.

2013-05-16 Thread Jon Spriggs
PPTP is broken [1]. OpenVPN (for which there are clients for Android,
iPhone, MacOS, Linux, Windows) is not. OpenVPN will use TLS certificates as
well as other centrally managed authentication based systems (e.g. Radius,
MOTP, maybe Google Authenticator?) to authenticate and authorize. There are
lots and lots and lots of postings online discussing how to do these.

[1] https://www.cloudcracker.com/blog/2012/07/29/cracking-ms-chap-v2/ also
http://www.h-online.com/security/features/A-death-blow-for-PPTP-1716768.html and
many others.

--
Jon "The Nice Guy" Spriggs


On 16 May 2013 15:41, Sergii Bieliaievskyi wrote:

> 2013/5/16 Arran Cudbard-Bell 
>
>> What are you actually trying to use this with?
>>
>> 802.1X/WPA2-Enterprise or for VPN authentication.
>>
>
> VPN authentication.
> And it should be multiplatform VPN. PPTP is supported by almost every
> vendor. I can establish a PPTP connection from iPhone, Android, Linux,
> MacOS and so on. That's why PPTP is preferable.
>
>
> --
> PRIVILEGED AND CONFIDENTIAL COMMUNICATION
> This e-mail transmission, and any documents, files or previous e-mail
> messages
> attached to it, may contain confidential information that is legally
> privileged.
>
> If you are not the intended recipient or a person responsible for
> delivering it
> to the intended recipient, you are hereby notified that any disclosure,
> copying,
> distribution or use of any of the information contained in or attached to
> this
> transmission is strictly prohibited.
>
> If you have received this transmission in error, please: (1) immediately
> notify
> me by reply e-mail, or by collect telephone call; and (2) destroy the
> original
> transmission and its attachments without reading or saving in any manner.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Any One-Time password system.

2013-05-14 Thread Jon Spriggs
MOTP-AS uses plain-text credentials right now, but I'm still integrating
myself properly into the project, and I've not really experimented with any
other modes.

--
Jon "The Nice Guy" Spriggs


On 14 May 2013 15:49, Sergii Bieliaievskyi wrote:

> 2013/5/14 Michael Schwartzkopff 
>
>> I tried motp. Works nice. You can install the otp generator on your
>> smartphone. See:
>> http://sys4.de/en/blog/2013/03/16/otp-freeradius/
>>
>> What type of authorization do you use (PAP, CHAP, MS-CHAP) for OTP?

Re: Any One-Time password system.

2013-05-14 Thread Jon Spriggs
I'm the current project lead for the MOTP-AS project [1], so I'm happy to
help with anything relating to that project (off this list, unless it's
directly FR related) :)

[1] https://github.com/MOTP-AS/MOTP-AS

--
Jon "The Nice Guy" Spriggs


On 14 May 2013 08:26, Sergii Bieliaievskyi wrote:

> I am reading about MOTP and really hope to implement it in my network.
> Could I count on your help if I have any difficulties?
>
> Thanks in advance
>
>
> 2013/5/14 Michael Schwartzkopff 
>
>> On Tuesday, 14 May 2013, 09:53:30, Sergii Bieliaievskyi wrote:
>>
>> > :) I am using FreeBSD distro.
>> >
>> > People! Help me please. I will take into consideration any suggestion
>> > concerning OTP, any open source project, just anything.
>>
>> I tried motp. Works nice. You can install the otp generator on your
>> smartphone. See:
>> http://sys4.de/en/blog/2013/03/16/otp-freeradius/
>>
>> --
>> Kind regards,
>>
>> Michael Schwartzkopff
>>
>> --
>> [*] sys4 AG
>>
>> http://sys4.de, +49 (89) 30 90 46 64
>> Franziskanerstraße 15, 81669 München
>>
>> Registered office: München, District Court München: HRB 199263
>> Executive board: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
>> Chairman of the supervisory board: Florian Kirstein
>>

Re: unsubscribe

2013-02-20 Thread Jon Spriggs
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html

(But the essence of it is, to unsubscribe, go here:
http://lists.freeradius.org/mailman/listinfo/freeradius-users)

--
Jon "The Nice Guy" Spriggs


On 20 February 2013 10:29, Andrew Long  wrote:

> unsubscribe

Re: freeradius not working in normal mode but working in debug mode

2013-02-11 Thread Jon Spriggs
Firstly, I'd suggest not posting the same question 3 times in 1 hour. I
don't have a problem with it (personally), but it's rather rude, especially
on a low volume list like this.

The reason it's not working is probably to do with permissions - check what
user account you are running it as in Debug mode, and what user account you
are running it as in normal mode. I've had this exact same issue, and it
was because I was testing it as root, but when trying to run it, it was
being run as another user account (probably "nobody" or "freeradius").

Regards,

--
Jon "The Nice Guy" Spriggs


On 11 February 2013 08:57, Nandkumar Palkar  wrote:

> Hello,
>
> freeradius not working in normal mode but working in debug mode
>
> Please suggest.
>
> Thanks,
> Nand
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
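
One way to carry out the permissions check suggested in the message above, added here as an example (it is not code from the thread or from the FreeRADIUS project): it lists the files under a configuration directory that a given service account cannot read, judged by owner/group/other mode bits only. The directory and account name given on the command line are site-specific assumptions, and the sample tree is constructed for the demonstration.

```python
import os, pwd, stat, sys, tempfile

def ids_for(username):
    """Resolve a service account name to (uid, set of gids)."""
    pw = pwd.getpwnam(username)
    return pw.pw_uid, set(os.getgrouplist(username, pw.pw_gid))

def can_read(st, uid, gids, is_dir=False):
    """Classic owner/group/other check; ACLs and MAC policies are not modelled."""
    if uid == 0:
        return True  # root ignores the mode bits, which is why a test run as root succeeds
    shift = 0 if st.st_uid == uid else 3 if st.st_gid in gids else 6
    need = stat.S_IRUSR | (stat.S_IXUSR if is_dir else 0)  # directories also need search (x)
    return (st.st_mode & (need >> shift)) == (need >> shift)

def unreadable_paths(root, uid, gids):
    """Return paths at or below root that the given uid/gids cannot read."""
    if not can_read(os.stat(root), uid, gids, is_dir=True):
        return [root]  # cannot enter the directory, so nothing below it is reachable
    blocked = []
    for name in sorted(os.listdir(root)):
        path = os.path.join(root, name)
        st = os.stat(path)
        if stat.S_ISDIR(st.st_mode):
            blocked += unreadable_paths(path, uid, gids)
        elif not can_read(st, uid, gids):
            blocked.append(path)
    return blocked

def build_sample_tree():
    """Constructed stand-in for a RADIUS config directory (not real FreeRADIUS files)."""
    root = tempfile.mkdtemp(prefix="raddb-demo-")
    os.mkdir(os.path.join(root, "certs"))
    for rel, mode in (("radiusd.conf", 0o644), ("clients.conf", 0o600),
                      ("certs/server.key", 0o600)):
        with open(os.path.join(root, rel), "w") as fh:
            fh.write("# constructed sample\n")
        os.chmod(os.path.join(root, rel), mode)
    os.chmod(os.path.join(root, "certs"), 0o700)
    os.chmod(root, 0o755)
    return root

if __name__ == "__main__":
    # Usage: script.py <config-dir> <service-user>; run it as root so every entry can be stat'ed.
    root, user = sys.argv[1:3] if len(sys.argv) > 2 else (build_sample_tree(), "nobody")
    for path in unreadable_paths(root, *ids_for(user)):
        print("not readable by", user + ":", path)
```

Anything it reports is a file or directory the daemon would fail on when started under that account, even though a debug run as root reads it without complaint.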

Re: Bypass SQLIPPOOL via variable?

2012-11-01 Thread Jon Spriggs
Also, not wishing to drag this too much into the OpenVPN support
group, but you can make OpenVPN use "p2p mode" which will allocate IP
addresses from a /24 or greater, or you can assign individual IP
addresses with a script. Obviously, these are things to research in
the OpenVPN configuration pages.

Regards,
--
Jon "The Nice Guy" Spriggs


On 1 November 2012 20:28, Blake Covarrubias  wrote:
> On Nov 1, 2012, at 1:02 PM, bea...@gmail.com wrote:
>
>> If they are coming in as a "Virtual" connection, drop out of SQLIPPOOL and
>> just let freeradius auth the connection and then let OpenVPN use its
>> predefined IP pool which we will in turn NAT?
>
> This should be possible with a bit of unlang.
>
> post-auth {
>   if (NAS-Port-Type != Virtual) {
>     sqlippool
>   }
> }
>
> Or something of the sort. 'man 5 unlang' for more info.
>
> --
> Blake Covarrubias