Re: [strongSwan] Any working two-factor authentication with Windows?

[Martin Willi]

Hi,

> I would like to know if there exist any two-factor combination where
> one of them is RADIUS, either IKEv1 or IKEv2, which works with Windows
> (Win7 and above) native VPN client.

AFAIK Windows does not support RFC4739. In IKEv1 there is a proprietary
extension called AuthIP in Windows, but we don't support that.

> What are our options for multi-factor authentication with Strongswan
> server and Windows client?

I'm not aware of a way to use both client certificates and password
authentication with the Windows Agile IKEv2 client.

A practical solution without client certificates is to use a password +
HOTP/TOTP. You could use EAP-MSCHAPv2 for example, but enter both the
password concatenated with the token into the password field. On the AAA
there are solutions that can handle this kind of authentication scheme.

Regards
Martin

___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users

[strongSwan] Any working two-factor authentication with Windows?

[Husy -]

I know that StrongSwan supports multifactor authentication schemes such as 
RFC4739. I would like to know if there exist any two-factor combination where 
one of them is RADIUS, either IKEv1 or IKEv2, which works with Windows (Win7 
and above) native VPN client . Note that I am not asking about hybrid 
authentication where server and client are authenticated with different 
methods. For instance the client is first authenticated with certificates then 
username password via RADIUS.

Correct me if I am wrong but as of now, Windows still does not support RFC4739. 
What are our options for multi-factor authentication with Strongswan server and 
Windows client?

Thanks!
  ___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users