
List:       freeradius-users
Subject:    Re: IKEv2 VPN clients and 2FA
From:       Markus Winkler <ml () irmawi ! de>
Date:       2022-11-16 15:20:34
Message-ID: 69c8434a-10d7-12da-c5b6-3212ada8c015 () irmawi ! de

Hi Brian,

On 14.11.22 15:43, Brian Julin wrote:
> Instead, launch the 2FA query during RADIUS authentication, and bring up the IPSec tunnel but filter
> all packets with iptables.  Then when the 2FA is approved, alter the iptables rules to allow access.

nice idea, thank you. :-)

But I think in the end

> Throwing 2FA with its own set of timeouts and protocol failure points into the fray of establishing
> an IPSec-RA connection is IMO just asking for a claptrap of hard-to-diagnose problems.

you're right: too many possible problems. I really need a robust solution. 
Let's see.

Regards,
Markus
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html