[prev in list] [next in list] [prev in thread] [next in thread]
List: freeradius-users
Subject: Re: IKEv2 VPN clients and 2FA
From: Markus Winkler <ml () irmawi ! de>
Date: 2022-11-16 15:20:34
Message-ID: 69c8434a-10d7-12da-c5b6-3212ada8c015 () irmawi ! de
[Download RAW message or body]
Hi Brian,
On 14.11.22 15:43, Brian Julin wrote:
> Instead, launch the 2FA query during RADIUS authentication, and bring up the IPSec tunnel but filter
> all packets with iptables. Then when the 2FA is approved, alter the iptables rules to allow access.
nice idea, thank you. :-)
But I think in the end
> Throwing 2FA with its own set of timeouts and protocol failure points into the fray of establishing
> an IPSec-RA connection is IMO just asking for a claptrap of hard-to-diagnose problems.
you're right: too many possible problems. I really need a robust solution.
Let's see.
Regards,
Markus
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic