Authentication Values not being respected

Hello all,

Probably like the rest of you we are chucking people out the doors to work from home as quick as we can.

For the most part IKEv2 works well. But it doesn't seem to be enforcing the "idle time out" values I have at the user level? Following this WG Article it states that User and Group settings should take precedence over Global. But my users don't get disconnected and asked to re-authenticate by what I imagine is having to put their IKEv2 password in again to connect.

Does this sound right/reasonable?

Comments

  • VPN client software sends keep-alive packets so that the session really never ends because there never is an idle session.

    For Firebox-DB:
    You can try setting a Session Timeout
    Presumably other auth servers have a similar setting.

  • OK thanks for the info Bruce. Bit of a gotcha. The problem I have with this is that the IKEv2 user credentials are being stored in Windows 10 after the first connection is made. So anyone that may have access to the physical machine now has access to the Network.

    Changing the Session time out is do-able but problematic. I'll have to test that to see if this requires the user to re-enter their password to create the tunnel.

  • There is an option in Windows IKEv2 VPN setting "Remember my sign-in info" which can be unselected.

    You can modify the downloaded script - for future installations.
    In AddVPN.ps1, in the function AddVPNConnection, change the following
    -RememberCredential
    to
    -RememberCredential $False

    https://docs.microsoft.com/en-us/powershell/module/vpnclient/set-vpnconnection
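
The script change above only affects future installations. As an added example (not part of the original posts and not WatchGuard's AddVPN.ps1), the following audits IKEv2 profiles that already exist on a Windows 10 machine and can switch credential caching off with the `Set-VpnConnection` cmdlet linked above; the function name and output columns are illustrative.

```powershell
# Added example: find existing IKEv2 VPN profiles that cache credentials.
# Get-VpnCredentialCacheAudit is a hypothetical helper name, not a built-in cmdlet.
function Get-VpnCredentialCacheAudit {
    [CmdletBinding()]
    param(
        # When set, turn RememberCredential off on every flagged profile.
        [switch]$Fix
    )

    # Collect per-user and all-user profiles; either phone book may be empty.
    $found = @()
    $found += @(Get-VpnConnection -ErrorAction SilentlyContinue)
    $found += @(Get-VpnConnection -AllUserConnection -ErrorAction SilentlyContinue)

    foreach ($p in $found) {
        # Flag only IKEv2 profiles that are set to remember the sign-in info.
        $flagged = ($p.TunnelType -eq 'Ikev2') -and $p.RememberCredential
        $changed = $false

        if ($flagged -and $Fix) {
            # Changing an all-user profile needs an elevated session.
            Set-VpnConnection -Name $p.Name `
                -AllUserConnection:$p.AllUserConnection `
                -RememberCredential $false `
                -ErrorAction Stop
            $changed = $true
        }

        [pscustomobject]@{
            Name               = $p.Name
            ServerAddress      = $p.ServerAddress
            AllUser            = $p.AllUserConnection
            TunnelType         = $p.TunnelType
            RememberCredential = $p.RememberCredential
            Flagged            = $flagged
            Changed            = $changed
        }
    }
}

# Report only; add -Fix to change the flagged profiles.
Get-VpnCredentialCacheAudit | Format-Table -AutoSize
```

After running with `-Fix`, disconnect and reconnect one of the changed profiles to confirm that Windows prompts for the IKEv2 password again.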

  • Perfect - what I was looking for. Happy Easter
