On 11/11/2009 08:13 AM, self.away wrote:
> Hi.
> I'm trying to set up a remote access vpn (user dials up from home to
> our vpn server). The first goal was to set up a pptp vpn based on
> microsoft rras which turned out pretty easy.
> Now it has been required to add an extra layer of security to vpn
> authentication by adding a certificate which as far as I read it
> should be accomplished adding EAP authentication to our vpn pptp
> configuration.
> However it seems when adding EAP to vpn pptp, authentication login to
> our VPN will only require certificate installed on remote vpn user
> workstation and not user/password.
> How can I get both user/password and certificate in the authentication
> process for vpn pptp with microsoft rras?
> Is there any other opensource vpn solution based on two-factor authentication?
As for the last question, there are a number of options, though the
easiest will probably not be a 100% open source solution, because you
are going to an MS authentication server. What you really want to think
about is what VPN solutions work with what two-factor authentication
solutions using the authentication protocols in my environment.
I discussed this strategy in a recent webinar, which you can see here:
http://rec1.dimdim.com/view/dimdim/183030aa-1f68-102d-9515-003048642bd7
which describes two-factor auth, auth protocols & a number of
open-source remote access solutions.
Here's some how-tos that might help as well:
two-factor authentication & openvpn:
http://www.wikidsystems.com/support/wikid-support-center/how-to/using-wikid-strong-authentication-with-openvpn
two-factor and astaro:
http://www.wikidsystems.com/support/wikid-support-center/how-to/how-to-add-wikid-two-factor-authentication-to-the-astaro-security-gateway
increasing the security of pptp (poptop):
http://www.howtoforge.net/security-issues-and-poptop-pptp
If your need for both a password and a cert is driven by regulatory
requirements, you should also make sure that you can prove the cert has
a passphrase and key expiration.
HTH,
Nick
--
Nick Owen
WiKID Systems, Inc.
http://www.wikidsystems.com
Commercial/Open-source Two-Factor Authentication
http://twitter.com/wikidsystems
#wikid on irc.freenode.net