we are using softether and tekradius. Trying to implement push authentification like duo.com gave me some trouble as i am only able to set radius timeout to 10 seconds. If you want to use push authentification the authentification server will send a sms or push request to an app on your mobile phone. This ofcourse sometimes will take longer than 10 seconds especially if the user has to unlock his phone. Duo.com for example advices a 60 second time-out. So this is a reason we are not able to use push authentification and now use off-line otp passwords as a workaround.
But there is an additional issue. The "do not store passwords" feature in the client does not seem to work as expected. If i start a connection there is always an authentification request to the server with the old (stored) password. As these are one-time there will be an authentification failure. Only after the authentification failure i am able to enter the new correct password and the connection will be established. If i setup a new clear connection profile the first authentification will also use a blank password.
So for me entering a password is only possible after a denied authentification request.
Has somebody a similar issue or can help solving this?
Post your questions about SoftEther VPN software here. Please answer questions if you can afford.
2 posts • Page 1 of 1