This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
rlanhellas
Explorer
‎2021-11-04 11:56 AM

IPSec MFA in Fedora 34

Today I'm using Windows 10 to connect in my company VPN. This VPN use MFA in this way:

 

  1. I enter user/pass 
  2. I receive SMS or Answer a secret question.
  3. I put sms code in checkpoint client , if I choose receive SMS.
  4. I'm connected.

 

Now I'm migration to Fedora 34, and I didn't found a way to connect to my vpn using MFA, I tried some solutions like: snx cli, snxconnect in python, install checkpoint using wine. But unhappy nothing worked. 

 

Is possible using Fedora 34 (Linux in general) with MFA in Checkpoint VPN ? 

0 Kudos
7 Replies
PhoneBoy
Admin
Admin
‎2021-11-04 04:46 PM

Your two options on Linux are SNX and StrongSWAN (the latter of which assumes R81+ gateways).
SNX doesn't support a multi-stage authentication.
Don't believe StrongSWAN does either.

0 Kudos
rlanhellas
Explorer
‎2021-11-06 06:59 AM
In response to PhoneBoy

So, I don't have option, I need to use Windows or MacOS. 😞

0 Kudos
G_W_Albrecht
Legend
Legend
‎2021-11-06 07:23 AM
In response to rlanhellas

Read along here - https://strongswan.org/ ! StrongSwan supports MFA with IKEv2 Multiple Authentication Exchanges (RFC 4739). RADIUS is one possibility i saw mentioned.

CCSE CCTE CCSM SMB Specialist
0 Kudos
rlanhellas
Explorer
‎2021-11-06 11:01 AM
In response to G_W_Albrecht

How can I check if my company use Radius ? Unhappy I don't have access to this informations. 

0 Kudos
PhoneBoy
Admin
Admin
‎2021-11-06 11:15 AM
In response to rlanhellas

You really need to work with your IT folks on this.
They can place restrictions on the exact types of clients you’re allowed to use to connect to the gateway.
Believe their assistance will also be required to use StrongSWAN.

0 Kudos
rlanhellas
Explorer
‎2021-11-07 04:20 AM
In response to PhoneBoy

Yes, I agree. But unhappy they said that Linux is not support nowdays.

0 Kudos
G_W_Albrecht
Legend
Legend
‎2021-11-08 12:06 AM
In response to rlanhellas

Why then the change to Fedora 34 ? If the company you are working for can not provide a VPN client for Fedora 34 they also can not tell you to migrate to that OS. 

CCSE CCTE CCSM SMB Specialist
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events