- This topic has 4 replies, 2 voices, and was last updated 4 years, 5 months ago by Fisher246.
March 25, 2020 at 3:49 pm #51982
So I thought this would be simple. We use Cisco Anyconnect with Duo MFA. The process of connecting the VPN on a laptop is as simple as entering username, password and the word ‘push’ in the ‘Second Password’ field of the Anyconnect VPN Client.
I’m having a play with a Wyse / Dell 3010 with ThinOS 8.4.something and setting up OpenConnect VPN. I can get it to work fine if I disable DUO MFA for the account I’m playing with, but when it’s enabled you do not get the ‘Second Password’ field to type in ‘push’. Now I get that the second password field might not be supported in the GUI and was hoping there would be something in the confgen for this OR just something I can add to the serialnumber.ini files in the ‘inc’ folder.
Anyone got this working, or is MFA for OpenConnect in ThinOS a step too far?
March 26, 2020 at 5:07 pm #51996
OpenConnect is just supporting username/password/domain. Nothing else.
CG
March 27, 2020 at 8:16 am #52001
That is indeed a shame. OpenConnect under Linux does support the second password field to specify the ‘push’ statement. Are you aware if any of the new Dell thin-clients are able to support this?
It’s a shame if not and would suggest not moving with the times. HP thin clients are working well with MFA.
March 29, 2020 at 1:27 pm #52004
I am not sure about ThinLinux. Windows IoT will support it for sure.
I had a trial installation of DUO running in my lab. After the trial expired I contacted DUO to get a permanent trial license for my lab. Unfortunately, they were not able to assist here. Not very good support I would say. Otherwise, I would have been able to do some tests and give precise feedback.
CG
March 30, 2020 at 9:04 am #52007
Morning,
DUO offer a free (up to 10 user) account with full MFA functionality. You have the option of switching from the trial to free account yourself in their portal. As well as our work account I set a free account up for home use and have all our home devices using it for free. For support, I’ve always found them very helpful even with the free account – maybe that’s changed since being taken over by Cisco, but they helped me last week when I was looking to get the second password field working in OpenConnect on Linux.
Looking to see if we can set the default option to ‘push’ via the firewall, therefore taking the Wyse out of the equation. But not keen on making config changes to production environments at the moment – don’t want to risk bringing anything down.
Rgds