USG 20-VPN using smartcard client authentication

Rene_H
edited April 2021 in Security
Hi there

Here's what I'm trying to do:

IKEv2 VPN using a smartcard as the means to authenticate connecting users against my Active Directory.

I did manage to configure the USG so it accepts connections that use X-Auth MSCHAPv2, as long as I configure my Windows 10 VPN clients to use a username / password combination. In that case the tunnel connects and everything works as expected.

If I tell my Win10 client to use the smartcard, though, the tunnel does not connect, and after some time Win10 tells me that "the context has expired and can no longer be used".

The logs on the ZyWALL look identical in both cases up to the point where the Authentication Server says:

RADIUS: Accepting the user '[username]'.

If I use a username / pw combo, after that the IKE log goes on up until where the tunnel is established and operational. If I use a SmartCard though, the IKE log stays empty after that and the above behavior occurs.

So I guess that I do something horribly wrong here. But having spent a good couple hours on this without any further success, I think I do need some help from the folks who actually know what they are doing.

I'd appreciate any help a lot!

Thanks

Rene
