Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
NorthernNetGuy
Advisor

VPN disable reauthenticate

Is it possible to disable re-authentication for Mobile Access and other VPN clients? I see the option to set the re-authentication timer in the Global Properties, but not sure if setting this to 0 will disable re-authetnication, or if there is an actual method. Currently it's set to 720 minutes (12 hours)

 

2020-03-19_16h43_34.png

0 Kudos
3 Replies
PhoneBoy
Admin
Admin

As far as I know, no.
You don't necessarily want to make the re-authenticate user option long, but you can cache the password on the client for longer.
Or use certificate-based authentication and have the certificate installed in the OS certificate store.
That should effectively keep the user connected for as long as they're logged in.
0 Kudos
NorthernNetGuy
Advisor

That's unfortunate. The problem with the client re-authenticating for us is that we have two factor authentication.

If a user forgets to log out of VPN, they will receive a two factor authentication prompt when the VPN re-authentication occurs, which they mark as a fraudulent access attempt. A manual re-authentication would be preferred.

0 Kudos
PhoneBoy
Admin
Admin

I think, but I'm not sure, that this is also tied to the rekey of the underlying IPsec connection, which definitely cannot be unlimited (nor is it recommended to be).
In any case, it's generally recommended for security reasons to periodically reauthenticate.
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events