[NEBULA] integrate vpn cloud authentication with CensorNet (formerly SMS Passcode)

FrankIversen
FrankIversen Posts: 92  Ally Member
Ideas master First Comment Friend Collector Third Anniversary
edited April 2021 in Nebula
Hi.
Is there any plans of supporting MFA with the client ipsec vpn tunnel using cloud authentication? it works very nice with regular Radius with the zyxel usg firewall.
I have asked the support at Censornet and they think this is intereseting and would like to participte in a test with Nebula if the cloud authenation also uses some kind of radius in the background which they support. Here is the mail I got from Censornet:

I have not been working with this product before.

Since it is a L2TP ipsec tunnel, i would say the chance is small, but i found this document.:
https://kb.zyxel.com/KB/searchArticle!gwsViewDetail.action?articleOid=015899&lang=EN

This however do not reveal any details regarding how the radius protocol has been implemented. They must support XAUTH and Radius challenge response over the protocols PAP and/or MSChapV2.

I know that Zyxel Zywall 200 (USG200), has a perfect implementation of Radius. That does however not mean that the Nebula cloud do.

I can assist in a test, if needed.

Kind regards
Gunnar Hermansen
@gundaris

«1

Comments

  • RUnglaube
    RUnglaube Posts: 135  Ally Member
    5 Answers First Comment Friend Collector Third Anniversary
    hmmmm sounds interesting! I'm not sure if it could be implemented with cloud auth, have you tried using the my radius or AD servers settings combined with Azure radius and MFA for example? I don't know about Censornet so not sure how to implement it
    "You will never walk along"
  • Zyxel_Irene
    Zyxel_Irene Posts: 118  Zyxel Employee
    5 Answers First Comment Friend Collector First Anniversary
    Hi @FrankIversen
    Sounds great, and it will be more safer for enterprise and users when user connect to L2TP VPN. :smile:
    NSG could support PAP and MSChapv2 protocol at this stage, but there is no way to enable MFA function on NCC to trigger MFA...
    I also would like to suggest you can share this idea in idea section. :star:
  • FrankIversen
    FrankIversen Posts: 92  Ally Member
    Ideas master First Comment Friend Collector Third Anniversary
    Hi, what is the status on MFA for vpn connection? This is a must if we should enable VPN for remote users.
  • Hello_Geek
    Hello_Geek Posts: 9  Freshman Member
    First Comment First Anniversary

    I see you have some posts mentioned about MS Azure, so I suppose...

    if you connect L2TP VPN auth with Azure MFA Server (as RADIUS server), you can have the second factor auth through MFA server and Azure to achieve.

  • FrankIversen
    FrankIversen Posts: 92  Ally Member
    Ideas master First Comment Friend Collector Third Anniversary
    No problem with MFA regarding Azure, but for customer who wants to connect to their own on-premise network (small SMBs with f.ex 5 users) they don't have an Azure solution for this. They use the VPN-function on the NSG50.
  • FrankIversen
    FrankIversen Posts: 92  Ally Member
    Ideas master First Comment Friend Collector Third Anniversary
    so there is no plan to look at MFA with Nebula Cloud Authentication for vpn-users in 2018?
  • Zyxel_Chris
    Zyxel_Chris Posts: 727  Zyxel Employee
    Zyxel Certified Network Administrator - WLAN Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate 50 Answers
    Hello @FrankIversen
    Unfortunately, not in this year, however it's already in our roadmap, we're still working on this! :+1:


  • FrankIversen
    FrankIversen Posts: 92  Ally Member
    Ideas master First Comment Friend Collector Third Anniversary
    Any news regarding MFA on the client vpn for nsg50 or nsg100s?
  • Zyxel_Chris
    Zyxel_Chris Posts: 727  Zyxel Employee
    Zyxel Certified Network Administrator - WLAN Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate 50 Answers
    edited October 2019
    @FrankIversen
    We plan to support 2FA with L2TP over IPSec on Nebula cloud Authentication in the middle of next year. :)

    /Chris
  • Alfonso
    Alfonso Posts: 257  Master Member
    5 Answers First Comment Friend Collector Second Anniversary
    I hope 2FA will be deployed for L2TP and L2TP/IPSEC

Nebula Tips & Tricks