IKEv2 VPN with Google Authenticator

We are working on at setting 2FA for Watchguard IKEv2 VPN with Freeradius and google authenticator PAM module.
It seems IKEv2 uses only MSCHAPv2 which Google Authenticator pam doesnt seem to work with.
Has anyone got this working? As far as I know SSL VPN works fine, but we need to use IKEv2. Both AuthPoint and Duo also works fine with IKEv2, but the cost is a major factor for us.



  • Options
    james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @efes9999
    The MSChapV2 limitation is of the client in Windows -- most customers push the authentication to a MS NPS (Network Policy Server) to handle the MSCHAP portion.

    -James Carson
    WatchGuard Customer Support

Sign In to comment.