Hi everyone,
Is anyway to integrate MFA(etc. Duo, Google Authenticator) to enhance login security. There is not too much reference on the internet......
MFA authentication
-
Qoo
- Posts: 1
- Joined: Sun Mar 29, 2020 3:51 pm
-
opensrcguy
- Posts: 5
- Joined: Fri Jan 24, 2020 1:53 pm
Re: MFA authentication
+1
Can anyone know how can i integrate Google Authenticator code with SoftEther VPN ?
Can anyone know how can i integrate Google Authenticator code with SoftEther VPN ?
-
comateux
- Posts: 1
- Joined: Wed May 22, 2019 6:02 pm
Re: MFA authentication
Hello, I only know Duo integration is possible using the Duo authentication proxy via RADIUS.
Refer to the Duo documentation to setup the Duo auth proxy listening for RADIUS. Then configure SE server using RADIUS authentication which then points to your Duo auth proxy. The result is you may utilize the Duo push feature or manual inclusion of the 2FA code after the password such as password,123456. There are two limitations. First, a 10 second timeout which seems to be hardcoded as the retry interval in the SE Server. Let's hope a dev contributor can raise this limit as I would prefer at least a 30 to 60 second retry interval. The second involves the SE native client itself, which I would advise to disable auto reconnect to prevent automatic lockouts specifically in Duo.
Refer to the Duo documentation to setup the Duo auth proxy listening for RADIUS. Then configure SE server using RADIUS authentication which then points to your Duo auth proxy. The result is you may utilize the Duo push feature or manual inclusion of the 2FA code after the password such as password,123456. There are two limitations. First, a 10 second timeout which seems to be hardcoded as the retry interval in the SE Server. Let's hope a dev contributor can raise this limit as I would prefer at least a 30 to 60 second retry interval. The second involves the SE native client itself, which I would advise to disable auto reconnect to prevent automatic lockouts specifically in Duo.
-
SantoshkMishra
- Posts: 1
- Joined: Fri Dec 04, 2020 2:56 am
Re: MFA authentication
Hi All
Thanks for your all input.
is there any one who can help us on this, keeping current situation in account, we must have to have 2FA for VPN. what is best way to get this done.
requirement is , after domain password there must be send factor of authentication.
How to Achieve this.
Thanks.
Thanks for your all input.
is there any one who can help us on this, keeping current situation in account, we must have to have 2FA for VPN. what is best way to get this done.
requirement is , after domain password there must be send factor of authentication.
How to Achieve this.
Thanks.
-
red
- Posts: 5
- Joined: Fri Sep 09, 2016 8:27 pm
Re: MFA authentication
Something as simple as:
1. keeping a phone number in the user notes for sms.
2. upon login the first time send a code and swap the code for the password in the db, disconnect.
3. logging in the 2nd time with the code instead of the original password, let them through and swap the password back in the db.
Simple enough that it would work for me.
1. keeping a phone number in the user notes for sms.
2. upon login the first time send a code and swap the code for the password in the db, disconnect.
3. logging in the 2nd time with the code instead of the original password, let them through and swap the password back in the db.
Simple enough that it would work for me.