Setting up 2FA TOTP for Users
Jim_SDCU
Currently we use the Global VPN client (laptops) to connect to the network, then RDP to their workstations, but as time marches on it's time to start using 2FA.
They would prefer to continue as they are and just add TOTP (Google Authenticator) to the mix, but from what I've read so far it's not looking good. It looks like it's a NetExtender option, but I'm not sure, etc.
Can someone actually point me to the correct (read a few) setup and what options are needed, etc. (SSL or not)?
TIA
Jim..
Answers
Did you read?
GVPN only supports OTP from an RSA SecurID.
SSLVPN (NetExtender) can use any 'authenticator' App.
OK, so I did browse that doc, and I'm still running into something not right.
So I set 1 user as 'represents domain user', SSLVPN Services, TOTP Users (group)
ensured LDAP was working
NetExtender:
Server: Public IP
User: Test1 or domain\Test1
Pwd: as per domain policy
Not verifying user. Missing something right in front of me but don't see it.
I would not recommend manually creating the user, but importing the user from LDAP.
So I had some issues, I guess, with my LDAP, but managed to get that working and imported 2 users, made them part of the SSLVPN group etc., downloaded the application (NetExtender) to USB and installed it on a laptop. Ran NetExtender and entered the public IP, username/password/domain, got a certificate popup to trust, then I get failed username and/or password. Am I supposed to use Username or Logon name? I.e.: IT Support or itsupport? Also, I didn't see anything mentioned in any doc about setting port 4433 as an access rule or in NetExtender; the only place that's set up is in the SSLVPN server settings.
Ignore last comment, I muddled my way through that part. Now I have it down to a DNS issue for mapping drives etc., or remoting to a PC.