[NEBULA] integrate vpn cloud authentication with CensorNet (formerly SMS Passcode)
FrankIversen
Posts: 92 Ally Member
Hi.
Is there any plans of supporting MFA with the client ipsec vpn tunnel using cloud authentication? it works very nice with regular Radius with the zyxel usg firewall.
I have asked the support at Censornet and they think this is intereseting and would like to participte in a test with Nebula if the cloud authenation also uses some kind of radius in the background which they support. Here is the mail I got from Censornet:
I have not been working with this product before.
Since it is a L2TP ipsec tunnel, i would say the chance is small, but i found this document.:
https://kb.zyxel.com/KB/searchArticle!gwsViewDetail.action?articleOid=015899&lang=EN
This however do not reveal any details regarding how the radius protocol has been implemented. They must support XAUTH and Radius challenge response over the protocols PAP and/or MSChapV2.
I know that Zyxel Zywall 200 (USG200), has a perfect implementation of Radius. That does however not mean that the Nebula cloud do.
I can assist in a test, if needed.
Kind regards
Gunnar Hermansen
@gundaris
Is there any plans of supporting MFA with the client ipsec vpn tunnel using cloud authentication? it works very nice with regular Radius with the zyxel usg firewall.
I have asked the support at Censornet and they think this is intereseting and would like to participte in a test with Nebula if the cloud authenation also uses some kind of radius in the background which they support. Here is the mail I got from Censornet:
I have not been working with this product before.
Since it is a L2TP ipsec tunnel, i would say the chance is small, but i found this document.:
https://kb.zyxel.com/KB/searchArticle!gwsViewDetail.action?articleOid=015899&lang=EN
This however do not reveal any details regarding how the radius protocol has been implemented. They must support XAUTH and Radius challenge response over the protocols PAP and/or MSChapV2.
I know that Zyxel Zywall 200 (USG200), has a perfect implementation of Radius. That does however not mean that the Nebula cloud do.
I can assist in a test, if needed.
Kind regards
Gunnar Hermansen
@gundaris
0
Comments
-
hmmmm sounds interesting! I'm not sure if it could be implemented with cloud auth, have you tried using the my radius or AD servers settings combined with Azure radius and MFA for example? I don't know about Censornet so not sure how to implement it"You will never walk along"0
-
Hi @FrankIversen
Sounds great, and it will be more safer for enterprise and users when user connect to L2TP VPN.
NSG could support PAP and MSChapv2 protocol at this stage, but there is no way to enable MFA function on NCC to trigger MFA...
I also would like to suggest you can share this idea in idea section.
0 -
Hi, what is the status on MFA for vpn connection? This is a must if we should enable VPN for remote users.
0 -
I see you have some posts mentioned about MS Azure, so I suppose...
if you connect L2TP VPN auth with Azure MFA Server (as RADIUS server), you can have the second factor auth through MFA server and Azure to achieve.
0 -
No problem with MFA regarding Azure, but for customer who wants to connect to their own on-premise network (small SMBs with f.ex 5 users) they don't have an Azure solution for this. They use the VPN-function on the NSG50.
0 -
so there is no plan to look at MFA with Nebula Cloud Authentication for vpn-users in 2018?0
-
Hello @FrankIversen
Unfortunately, not in this year, however it's already in our roadmap, we're still working on this!
0 -
Any news regarding MFA on the client vpn for nsg50 or nsg100s?0
-
@FrankIversen
We plan to support 2FA with L2TP over IPSec on Nebula cloud Authentication in the middle of next year.
/Chris0 -
I hope 2FA will be deployed for L2TP and L2TP/IPSEC0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 148 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.7K Security
- 262 USG FLEX H Series
- 271 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.4K Consumer Product
- 249 Service & License
- 387 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.5K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 73 Security Highlight