Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

VPN disable reauthenticate

Is it possible to disable re-authentication for Mobile Access and other VPN clients? I see the option to set the re-authentication timer in the Global Properties, but not sure if setting this to 0 will disable re-authetnication, or if there is an actual method. Currently it's set to 720 minutes (12 hours)

 

2020-03-19_16h43_34.png

0 Kudos
3 Replies
Highlighted
Admin
Admin

As far as I know, no.
You don't necessarily want to make the re-authenticate user option long, but you can cache the password on the client for longer.
Or use certificate-based authentication and have the certificate installed in the OS certificate store.
That should effectively keep the user connected for as long as they're logged in.
0 Kudos
Highlighted

That's unfortunate. The problem with the client re-authenticating for us is that we have two factor authentication.

If a user forgets to log out of VPN, they will receive a two factor authentication prompt when the VPN re-authentication occurs, which they mark as a fraudulent access attempt. A manual re-authentication would be preferred.

0 Kudos
Highlighted
Admin
Admin

I think, but I'm not sure, that this is also tied to the rekey of the underlying IPsec connection, which definitely cannot be unlimited (nor is it recommended to be).
In any case, it's generally recommended for security reasons to periodically reauthenticate.
0 Kudos