Two Factor VPN options?

We have a Peplink Balance 20 for a small accounting office of about 25 people. I’ve been asked to look into remote access options. I’ve played with the Remote User Access feature in the Peplink, but with some recent hacking incidents in the industry, I’m looking for something beyond a simple username and password. I’m thinking some kind of second identification. A PIN or maybe something like Google Authenticator.

Does Peplink support this natively in any fashion? Anyone using anything like that along side a Peplink router?

Thanks,

  • Steve
2 Likes

2 factor authentication is currently not available for the remote user access. I will move you to feature request and let engineering team to consider the request.

3 Likes

Just registered to +1 this request.

Would really like to see some sort of native 2 factor authentication for users connecting through the PepLink Balance 20’s VPN tunnel.

Thank you

1 Like

+1 Too.
Currently searching for a product with this feature

1 Like

This is becoming more important these days with remote users. Is there an update to this feature request? Thx

1 Like

Steve, Did you ever find a solution for this request? Thanks.

2 Likes

+1

valuable to have two factor auth… ic2, admin page, remote vpn, etc

1 Like

Did you guys find a solution to this? 2FA would be great.

1 Like

One of our client uses DUO and it works great.
@keith @AskTim @sitloongs I think some kind of app and push notification like DUO for firewall rules and vpn connections would be a great addition to the peplink feature set.
I have a client that wants to actually remove the peplink equipment we have put in as it doesn’t support zerotrust.

1 Like

With POPIA and GDPR we are getting a lot of requests now for 2FA on our VPN connections.

We are a DUO Security user and it works great, but I cannot get it to pass–thru our Peplink. At least I think that is what prevents the push prompt from reaching my cell. Does the client you reference use an edge router other than Peplink?

I was able to get DUO configured to work with our RRAS. We have a Balance One Core.

Hi there, would you happen to know if this would also work with our fusionhub instance?
I’m looking for a way to somehow integrate DUO push for users to connect via VPN to our fusionhub device.

I am not familiar with the FusionHub product, but I can offer that the key to getting the push to work will be to get your inbound/outbound rules in place. In my case Inbound Port Forwarding, a NAT Mapping, Internal + Inbound + Outbound Firewall Rules were essential.

Keep in mind that other considerations are important as well. Namely, the base setup of your router will impact how DHCP may be handled, and also the internal network (Linux, Windows). I would love to learn about the FusionHub - I vaguely understand that it can act as a hot failover between two internet lines, but perhaps that is not the full story. For example, what router do you have between the FusionHub and your network - also a Peplink product?

Let me know if you have more questions.

Our setup is as follows:

AWS hosted FusionHUB instance
Multiple deployed HD4’s that have 4 carriers sims+WAN uplink if available.

The HD4’s connect to fusionhub over speedfusion.
Speedfusion bonds all uplinks with failover/aggregation.

What we want to do that is currently working:
User connects via L2TP VPN to the Fusionhub instance in AWS
Once connected, user can access devices that are locally attached to any HD4 (ie. a camera)

What want to do:
Enable 2factor on the L2TP VPN connection to Fusionhub.

The current allowed authentication methods on the fusionhub/pepwave device are:
Local users, LDAP, RADUIS, AD

I wanted to use DUO for push auth 2fac. I think the only thing that may work would be:
Build an AD server and use LDAP with DUO LDAP proxy
Build Radius server and install DUO Radius proxy

And yes we have existing AD for corp but not available currently to use due to security policies. Possible afterwards since this is still proof of concept

+1 for me…
Using DUO for remote support of one of my clients and it works great.
Would like to see something like that compatible with PEPLink products that We use.

I have DUO working with Peplink now.

Users use L2TP VPN to connect to Pepwave.

Pepwave queries AD for LDAP looking up. Then passes over to DUO Auth for 2FA before allowing connection to VPN.

Can you give me a breakdown of how you set this up/ got it to work as i am trying to do a similar setup where remote users connect to a balance 20 device with vpn, then use rdp to connect in. I want the duo 2 factor to work on the rpd login session

Hey there,

Do you just want the DUO 2FA for RDP? Because that is easy if you’re trying to just do that.

But if you want the DUO 2FA for the VPN connection, that is different.

Hi mate, just the DUO 2FA for RDP, i already have a connect on demand setup per user for the VPN connection.

cheers