[NEBULA] integrate vpn cloud authentication with CensorNet (formerly SMS Passcode)

FrankIversen
FrankIversen Posts: 92  Ally Member
First Anniversary Friend Collector First Comment Ideas master
edited April 2021 in Nebula
Hi.
Is there any plans of supporting MFA with the client ipsec vpn tunnel using cloud authentication? it works very nice with regular Radius with the zyxel usg firewall.
I have asked the support at Censornet and they think this is intereseting and would like to participte in a test with Nebula if the cloud authenation also uses some kind of radius in the background which they support. Here is the mail I got from Censornet:

I have not been working with this product before.

Since it is a L2TP ipsec tunnel, i would say the chance is small, but i found this document.:
https://kb.zyxel.com/KB/searchArticle!gwsViewDetail.action?articleOid=015899&lang=EN

This however do not reveal any details regarding how the radius protocol has been implemented. They must support XAUTH and Radius challenge response over the protocols PAP and/or MSChapV2.

I know that Zyxel Zywall 200 (USG200), has a perfect implementation of Radius. That does however not mean that the Nebula cloud do.

I can assist in a test, if needed.

Kind regards
Gunnar Hermansen
@gundaris

«1

Comments

  • RUnglaube
    RUnglaube Posts: 135  Ally Member
    First Anniversary Friend Collector First Answer First Comment
    hmmmm sounds interesting! I'm not sure if it could be implemented with cloud auth, have you tried using the my radius or AD servers settings combined with Azure radius and MFA for example? I don't know about Censornet so not sure how to implement it
    "You will never walk along"
  • Zyxel_Irene
    Zyxel_Irene Posts: 118  Zyxel Employee
    First Anniversary Friend Collector First Answer First Comment
    Hi @FrankIversen
    Sounds great, and it will be more safer for enterprise and users when user connect to L2TP VPN. :smile:
    NSG could support PAP and MSChapv2 protocol at this stage, but there is no way to enable MFA function on NCC to trigger MFA...
    I also would like to suggest you can share this idea in idea section. :star:
  • FrankIversen
    FrankIversen Posts: 92  Ally Member
    First Anniversary Friend Collector First Comment Ideas master
    Hi, what is the status on MFA for vpn connection? This is a must if we should enable VPN for remote users.
  • Hello_Geek
    Hello_Geek Posts: 9  Freshman Member
    First Anniversary First Comment

    I see you have some posts mentioned about MS Azure, so I suppose...

    if you connect L2TP VPN auth with Azure MFA Server (as RADIUS server), you can have the second factor auth through MFA server and Azure to achieve.

  • FrankIversen
    FrankIversen Posts: 92  Ally Member
    First Anniversary Friend Collector First Comment Ideas master
    No problem with MFA regarding Azure, but for customer who wants to connect to their own on-premise network (small SMBs with f.ex 5 users) they don't have an Azure solution for this. They use the VPN-function on the NSG50.
  • FrankIversen
    FrankIversen Posts: 92  Ally Member
    First Anniversary Friend Collector First Comment Ideas master
    so there is no plan to look at MFA with Nebula Cloud Authentication for vpn-users in 2018?
  • Zyxel_Chris
    Zyxel_Chris Posts: 653  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Hello @FrankIversen
    Unfortunately, not in this year, however it's already in our roadmap, we're still working on this! :+1:


    Chris
  • FrankIversen
    FrankIversen Posts: 92  Ally Member
    First Anniversary Friend Collector First Comment Ideas master
    Any news regarding MFA on the client vpn for nsg50 or nsg100s?
  • Zyxel_Chris
    Zyxel_Chris Posts: 653  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    edited October 2019
    @FrankIversen
    We plan to support 2FA with L2TP over IPSec on Nebula cloud Authentication in the middle of next year. :)

    /Chris
    Chris
  • Alfonso
    Alfonso Posts: 257  Master Member
    First Anniversary Friend Collector First Answer First Comment
    I hope 2FA will be deployed for L2TP and L2TP/IPSEC

Nebula Tips & Tricks