Hi, > I would like to know if there exist any two-factor combination where > one of them is RADIUS, either IKEv1 or IKEv2, which works with Windows > (Win7 and above) native VPN client.
AFAIK Windows does not support RFC4739. In IKEv1 there is a proprietary extension called AuthIP in Windows, but we don't support that. > What are our options for multi-factor authentication with Strongswan > server and Windows client? I'm not aware of a way to use both client certificates and password authentication with the Windows Agile IKEv2 client. A practical solution without client certificates is to use a password + HOTP/TOTP. You could use EAP-MSCHAPv2 for example, but enter both the password concatenated with the token into the password field. On the AAA there are solutions that can handle this kind of authentication scheme. Regards Martin _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
