BIG NEWS! The Adtran Support Community is moving! In the next few weeks it will be housed in a new location. Be sure to visit our NEW Adtran Community before the end of July to check it out and verify that you can access all the resources and features that you need. If you discover any issues with your account or access, or just want to let us know about your experience, be sure to use our Feedback Form to let us know!
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
anchor
New Contributor III

2-factor AUTH for VPN client connections possible?

Jump to solution

Wondering if it's possible to implement 2AUTH with the 3448 and NCP software or any other solution?

Labels (1)
0 Kudos
1 Solution

Accepted Solutions
mick
Contributor II
Contributor II

Re: 2-factor AUTH for VPN client connections possible?

Jump to solution

You could argue VPN uses 2FA by design, at least when you use TLS client certificates and XAUTH.  The username and password for XAUTH is two things you only know (typically these would be specific only to this user) and the client certificate is something you only have (client certificates ought to be unique to each client).

If however, you mean a two step verification using an Out-Of-Band mechanism, then this may be possible when using an external RADIUS server in combination with e.g. Google Authenticator, or other token based mechanism.  I'd be interested to know the specifics if someone has deployed such a system.

--

Regards,

Mick

View solution in original post

2 Replies
mick
Contributor II
Contributor II

Re: 2-factor AUTH for VPN client connections possible?

Jump to solution

You could argue VPN uses 2FA by design, at least when you use TLS client certificates and XAUTH.  The username and password for XAUTH is two things you only know (typically these would be specific only to this user) and the client certificate is something you only have (client certificates ought to be unique to each client).

If however, you mean a two step verification using an Out-Of-Band mechanism, then this may be possible when using an external RADIUS server in combination with e.g. Google Authenticator, or other token based mechanism.  I'd be interested to know the specifics if someone has deployed such a system.

--

Regards,

Mick

anchor
New Contributor III

Re: 2-factor AUTH for VPN client connections possible?

Jump to solution

Roger that.  I'll let you know what they end up doing if it's interesting at all 😉

Thanks!