We are using certificate authentication for our remote VPN users, and everything works fine. Certificates are stored on a smart card, and ActivClient is used as a middleware for the certificates. We use those certificates to log on to the Windows machines also, and have the VPN Always-on function enabled, so after booting up and logging in, the VPN is automatically started and connected. The PIN used for the smart card is automatically passed for the VPN authentication from Windows logon; we have enabled it through a registry setting for the ActivClient PIN caching (EnablePINCacheForPINAlwaysPrivateKeys).
As we also have TPM (Trusted Platform Module) on Windows, we would like to use the same function of PIN caching as we have for the smart cards. With TPM, after logging in to Windows, another pop-up shows asking for the same PIN again for the client VPN authentication. Does anybody know if this is possible to overcome, to have the PIN cached for the TPM? So the VPN client would automatically connect without the user knowing. I know this is not strictly a Check Point thing, but maybe someone could help, or had the same situation.