Awesome! Thanks for letting us know. Really appreciate your content both technical and business related
Very cool to have that in Untangle. I wonder if pfSense will have this in the future?
There is Google Authentication OTP in FreeRadius already on pfSense.
They have it, but do not have a way right now to authorize it in the separate ToTP field. forum.netgate.com/topic/164678/openvpn-static-challenge-totp?_=1624625305372
That logo on the t-shirt, so alive!
Lawrence, great video. Quick question: Can some of your openvpn untangle accounts be non MFA? In other words, can I create a second MFA account for each user and slowly bring them over? Terrified of cutting critical users off. I'd rather have each user deploy it and test it before I delete their original non MFA account.
What am I missing here? If I remove 'static-challenge "TOTP Code " 1' from my config file users only need username/password and brute forcing is possible. Shouldn't MFA be enforced server side? Also TOTP has been broken in the Linux Network Manager GUI for years.
Or if you use an OpenVPN client that does not appear to support the static-challenge (testing with OpenVPN for Android 0.7.33), you are not prompted for a ToTP code and can connect just fine with the username and password. MFA needs to be enforced server-side for this to add any security.
Latest Untangle update is enforcing TOTP server side. 👍🎊
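Added example, not part of the comment thread and not Untangle's code: a sketch of what server-side enforcement means for the point raised above. It assumes the client's static-challenge reply arrives in the password field as `SCRV1:<base64 password>:<base64 response>` and that OpenVPN calls the script through `auth-user-pass-verify ... via-file`; the user store, function names and sample credentials are constructed for illustration.

```python
import base64, hashlib, hmac, struct, sys, time

def totp(secret_b32, at, step=30, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1) for Unix time `at`."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = struct.pack(">Q", max(int(at), 0) // step)
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    off = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[off:off + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def parse_scrv1(field):
    """Split 'SCRV1:<b64 password>:<b64 response>'; None if the client sent a bare password."""
    parts = field.split(":")
    if len(parts) != 3 or parts[0] != "SCRV1":
        return None
    try:
        return tuple(base64.b64decode(p, validate=True).decode() for p in parts[1:])
    except (ValueError, UnicodeDecodeError):
        return None

def pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample user store; the secret is the RFC 6238 test key in base32.
USERS = {"alice": {"salt": b"constructed-salt",
                   "hash": pw_hash("constructed-password", b"constructed-salt"),
                   "secret": "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"}}

def verify_login(username, field, users=USERS, now=None, window=1):
    """True only if the password AND a current TOTP code are both present and valid."""
    now = time.time() if now is None else now
    user, parsed = users.get(username), parse_scrv1(field)
    if user is None or parsed is None:
        return False  # no static-challenge response: refuse, never fall back to password-only
    password, otp = parsed
    pw_ok = hmac.compare_digest(pw_hash(password, user["salt"]), user["hash"])
    otp_ok = any(hmac.compare_digest(totp(user["secret"], now + i * 30).encode(), otp.encode())
                 for i in range(-window, window + 1))
    return pw_ok and otp_ok

if __name__ == "__main__" and len(sys.argv) == 2:
    # Assumed hookup: auth-user-pass-verify <this script> via-file (line 1 user, line 2 password field)
    with open(sys.argv[1]) as fh:
        lines = fh.read().splitlines() + ["", ""]
    sys.exit(0 if verify_login(lines[0], lines[1]) else 1)
```

A client whose config lacks the `static-challenge` line sends a bare password, which `parse_scrv1` rejects, so removing the line no longer bypasses the second factor. Reuse of a code inside its validity window is not tracked in this sketch.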
Works great here
Same feature available in OPNsense as well. AD+TOTP
More untangle videos please
Great video. Does Untangle still offer a free version? Can't find the free download link anymore on their website!!!
It seems nice, but I'm wondering how all this handles the disconnect and auto-reconnect of the OpenVPN client?
You put in the 2FA each time
@LAWRENCESYSTEMS ya that’s kinda useless and beyond terribly inconvenient, especially with mobile users on cellular networks where the users are in motion (aka vehicle) and run through dead zones in connectivity...
I’d be more inclined to doing radius auth with a tightly controlled config, including limiting individual accounts to a single login and scripting limitations based off the client's connecting address, among other things internally for resource access such as no direct access to any resources other than via proxies connections (among other things)...
What hardware are you using for Untangle? Can you share the links with us?
I am looking for routers with support for web filtering. Already using FortiGate, they work great, but not for the price list.
Thanks
When we deploy for clients we use their hardware.
Hi Lawrence, your videos are nice. I need your help. Basically I have OpenVPN server version 2.5 and it shows 2FA for the web portal, but when I connect the VPN it does not ask me for 2FA.
Do you know if TOTP + AD auth (LDAP) is possible? I mean not only using the local user repository.
I have not tested it.
How did you download the ConnectWise Control client for Linux? I couldn't find the download for it.
The Connectwise Control server has a Java client that works in Linux.
Can untangle do reverse-proxy/port forwarding with TOTP for protecting Webapps without VPN as well (allow dynamic clients for some time to …). Can this be used as a general TOTP server/user database?
Not that I am aware of.
Wireguard Wireguard Wireguard
👍🤗
First