This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Support for one-time passwords for IPSec VPN?

Hi,

we' re in the process of evaluating Novell Security Manager (rebranded Astaro 5.1 AFAIK).

Is it possible to use a one-time-pasword solution for authenticating IPSec VPN-users? We're at the moment looking av CryptoCard, a solution that provides a radius server one can authenticate against.

kind regards,

-sig

This thread was automatically locked due to age.

0 Sigurd_Urdahl over 20 years ago

Having read up a bit more it seems to me that maybe it isn't possible to authenticate pure IPSec connections with one-time passwords out of the box.

I see two options, can annyone comment on viability in general and useability with Astaro?

1) Using the one-time-password as a Pre-Shared Key when setting up the connection.

2) Use a commeon certificate for all clients, and let everyone with the correct key generate an IPSec tunnel. Then decide based on OTP whether to open for traffic from that tunnel or to tear the tunnel down.

kind regards,

-sig
Cancel
Vote Up 0 Vote Down

Cancel
0 Xeno over 20 years ago in reply to Sigurd_Urdahl

By default ASL does not support one time passwords. But it's possible to connect a Radius server to ASL. Then the Radius server handles the one time passwords and ASL uses the Radius server for making the authentication. This can be used with L2TP or PPTP for example. It would even work for HTTP Proxy or other ASL services which can use Radius for authenticaion.

Xeno
Cancel
Vote Up 0 Vote Down

Cancel
0 bagira over 20 years ago in reply to Xeno

But you have to take care about the authentication mechanism. ASL only supports MSChapv2 without console hacking. If you use RSA Secure ID for example, CHAP is used for authentication. A look in the autentication log may help you to find the mechanism of your Secure ID Server.
Cheers,
bagira
Cancel
Vote Up 0 Vote Down

Cancel