Is there a way to have two factor authentication with the first being certificate?
Something like:
connections {
ecdsa {
version = 2
send_cert = always
encap = yes
unique = replace
proposals = aes256-sha256-prfsha256-ecp256-modp2048
pools = pool1
local {
id = vpnserver
certs = vpnserver.crt
}
remote {
auth = eap-tls
eap_id = %any
}
remote {
auth = mfa
eap_id = %any
}
}
I doubt this is possible with the builtin windows or osx clients but maybe with
StrongSwan client?
