Re: IPSec MFA in Fedora 34

rlanhellas · ‎2021-11-04

Today I'm using Windows 10 to connect in my company VPN. This VPN use MFA in this way:

I enter user/pass
I receive SMS or Answer a secret question.
I put sms code in checkpoint client , if I choose receive SMS.
I'm connected.

Now I'm migration to Fedora 34, and I didn't found a way to connect to my vpn using MFA, I tried some solutions like: snx cli, snxconnect in python, install checkpoint using wine. But unhappy nothing worked.

Is possible using Fedora 34 (Linux in general) with MFA in Checkpoint VPN ?

PhoneBoy · ‎2021-11-04

Your two options on Linux are SNX and StrongSWAN (the latter of which assumes R81+ gateways).
SNX doesn't support a multi-stage authentication.
Don't believe StrongSWAN does either.

rlanhellas · ‎2021-11-06

So, I don't have option, I need to use Windows or MacOS. 😞

G_W_Albrecht · ‎2021-11-06

Read along here - https://strongswan.org/ ! StrongSwan supports MFA with IKEv2 Multiple Authentication Exchanges (RFC 4739). RADIUS is one possibility i saw mentioned.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

rlanhellas · ‎2021-11-06

How can I check if my company use Radius ? Unhappy I don't have access to this informations.

PhoneBoy · ‎2021-11-06

You really need to work with your IT folks on this.
They can place restrictions on the exact types of clients you’re allowed to use to connect to the gateway.
Believe their assistance will also be required to use StrongSWAN.

rlanhellas · ‎2021-11-07

Yes, I agree. But unhappy they said that Linux is not support nowdays.

G_W_Albrecht · ‎2021-11-08

Why then the change to Fedora 34 ? If the company you are working for can not provide a VPN client for Fedora 34 they also can not tell you to migrate to that OS.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

Are you a member of CheckMates?

IPSec MFA in Fedora 34