IKEv2 VPN with Google Authenticator
We are working on at setting 2FA for Watchguard IKEv2 VPN with Freeradius and google authenticator PAM module.
It seems IKEv2 uses only MSCHAPv2 which Google Authenticator pam doesnt seem to work with.
Has anyone got this working? As far as I know SSL VPN works fine, but we need to use IKEv2. Both AuthPoint and Duo also works fine with IKEv2, but the cost is a major factor for us.
Thanks.
It seems IKEv2 uses only MSCHAPv2 which Google Authenticator pam doesnt seem to work with.
Has anyone got this working? As far as I know SSL VPN works fine, but we need to use IKEv2. Both AuthPoint and Duo also works fine with IKEv2, but the cost is a major factor for us.
Thanks.
0
Sign In to comment.
Comments
Hi @efes9999
The MSChapV2 limitation is of the client in Windows -- most customers push the authentication to a MS NPS (Network Policy Server) to handle the MSCHAP portion.
-James Carson
WatchGuard Customer Support