Two Factor VPN options?

Steve, Did you ever find a solution for this request? Thanks.

2 Likes

+1

valuable to have two factor auth… ic2, admin page, remote vpn, etc

1 Like

Did you guys find a solution to this? 2FA would be great.

1 Like

One of our clients uses DUO and it works great.
@keith @AskTim @sitloongs I think some kind of app and push notification like DUO for firewall rules and vpn connections would be a great addition to the peplink feature set.
I have a client that wants to actually remove the peplink equipment we have put in as it doesn’t support zerotrust.

1 Like

With POPIA and GDPR we are getting a lot of requests now for 2FA on our VPN connections.

We are a DUO Security user and it works great, but I cannot get it to pass–thru our Peplink. At least I think that is what prevents the push prompt from reaching my cell. Does the client you reference use an edge router other than Peplink?

I was able to get DUO configured to work with our RRAS. We have a Balance One Core.

Hi there, would you happen to know if this would also work with our fusionhub instance?
I’m looking for a way to somehow integrate DUO push for users to connect via VPN to our fusionhub device.

I am not familiar with the FusionHub product, but I can offer that the key to getting the push to work will be to get your inbound/outbound rules in place. In my case Inbound Port Forwarding, a NAT Mapping, Internal + Inbound + Outbound Firewall Rules were essential.

Keep in mind that other considerations are important as well. Namely, the base setup of your router will impact how DHCP may be handled, and also the internal network (Linux, Windows). I would love to learn about the FusionHub - I vaguely understand that it can act as a hot failover between two internet lines, but perhaps that is not the full story. For example, what router do you have between the FusionHub and your network - also a Peplink product?

Let me know if you have more questions.

Our setup is as follows:

AWS hosted FusionHUB instance
Multiple deployed HD4’s that have 4 carriers sims+WAN uplink if available.

The HD4’s connect to fusionhub over speedfusion.
Speedfusion bonds all uplinks with failover/aggregation.

What we want to do that is currently working:
User connects via L2TP VPN to the Fusionhub instance in AWS
Once connected, user can access devices that are locally attached to any HD4 (ie. a camera)

What we want to do:
Enable 2factor on the L2TP VPN connection to Fusionhub.

The current allowed authentication methods on the fusionhub/pepwave device are:
Local users, LDAP, RADIUS, AD

I wanted to use DUO for push auth 2fac. I think the only thing that may work would be:
Build an AD server and use LDAP with DUO LDAP proxy
Build Radius server and install DUO Radius proxy

And yes we have existing AD for corp but not available currently to use due to security policies. Possible afterwards since this is still proof of concept

+1 for me…
Using DUO for remote support of one of my clients and it works great.
Would like to see something like that compatible with Peplink products that we use.

I have DUO working with Peplink now.

Users use L2TP VPN to connect to Pepwave.

Pepwave queries AD for the LDAP lookup. Then passes over to DUO Auth for 2FA before allowing connection to VPN.

Can you give me a breakdown of how you set this up / got it to work, as I am trying to do a similar setup where remote users connect to a Balance 20 device with VPN, then use RDP to connect in. I want the Duo two-factor to work on the RDP login session.

Hey there,

Do you just want the DUO 2FA for RDP? Because that is easy if you’re trying to just do that.

But if you want the DUO 2FA for the VPN connection, that is different.

Hi mate, just the DUO 2FA for RDP, I already have a connect on demand setup per user for the VPN connection.

cheers

Hi Noel,

For that, it’s really a DUO deployment that you will need to do.

Basically this is what you want to do - (I’ll link you to the documentation from DUO also)

  1. Log in to your DUO mgmt portal
  2. Go to Applications and - Protect an Application
  3. Search for Microsoft RDP
  4. Note your hostname, integration key, and secret.
  5. Download the DUO RDP client and install it on the workstation that you want to enable 2FA on
  6. During installation, you’ll enter the hostname, i-key, s-key

Once you have this installed, your users need to be created in DUO and the username must match the windows login that they are using.

I have a Peplink Balance 30, and I am looking to setup Duo 2FA for VPN users. You have insight on that?

It should work the same my FusionHub?

Do you happen to have active support from Peplink? In my quest for getting DUO 2FA set up, I had to have them send me a custom firmware for some adjusted timeout settings, etc.

The basics of this deployment would require you to have a server running the DUO proxy with LDAP/LDAPS lookup enabled.

I couldn’t get my RADIUS setup working properly, but that’s another alternative to get it implemented.

1 Like

I have DUO proxy running on the server and it passes all connectivity steps for LDAP. Not sure how to have the L2TP VPN connections from the peplink use 2FA.

On your peplink device, under the network → Remote User Access

You would change authentication to LDAP server. You would then use the Duo Proxy as the LDAP target

A quick breakdown of the auth process would be:

Users request L2TP vpn connection to your pepwave
Pepwave directs LDAP look up to the DUO Proxy
DUO Proxy contacts your AD/LDAP server for auth
DUO sends push/prompt for access

2 Likes
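
Added example, not part of the thread or of Duo's or Peplink's own material: a small Python audit of a Duo Authentication Proxy `authproxy.cfg` for the flow described above (Peplink uses the proxy as its LDAP target, the proxy checks AD, then Duo sends the push). It assumes the proxy's `[ad_client]` / `[ldap_server_auto]` sections with their `client`, `failmode` and `transport` options; every host name, DN and key in the sample is a constructed placeholder.

```python
import configparser

# Constructed sample authproxy.cfg; all values are placeholders.
SAMPLE_CFG = """
[ad_client]
host=dc01.example.internal
service_account_username=svc-duoproxy
service_account_password=PLACEHOLDER
search_dn=DC=example,DC=internal
transport=clear

[ldap_server_auto]
ikey=DIXXXXXXXXXXXXXXXXXX
skey=PLACEHOLDER
api_host=api-XXXXXXXX.duosecurity.com
client=ad_client
failmode=safe
"""

REQUIRED = {
    "ad_client": ("host", "service_account_username", "search_dn"),
    "ldap_server_auto": ("ikey", "skey", "api_host", "client"),
}

def audit_authproxy(text):
    """Return findings for the Peplink -> Duo proxy -> AD LDAP flow."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    findings = []
    for section, keys in REQUIRED.items():
        if not cfg.has_section(section):
            findings.append(f"missing [{section}] section")
            continue
        for key in keys:
            if not cfg.get(section, key, fallback="").strip():
                findings.append(f"[{section}] {key} is not set")
    if cfg.has_section("ldap_server_auto"):
        srv = cfg["ldap_server_auto"]
        client = srv.get("client", "")
        if client and not cfg.has_section(client):
            findings.append(f"client={client} names a section that does not exist")
        # failmode defaults to safe: a correct password alone is accepted
        # whenever the proxy cannot reach Duo's service.
        if srv.get("failmode", "safe").lower() != "secure":
            findings.append("failmode is not 'secure': 2FA is skipped when Duo is unreachable")
    # transport defaults to clear: binds to AD travel unencrypted.
    if cfg.has_section("ad_client"):
        if cfg["ad_client"].get("transport", "clear").lower() == "clear":
            findings.append("ad_client transport is 'clear': use ldaps or starttls")
    return findings
```

Calling `audit_authproxy(SAMPLE_CFG)` flags the fail-open `failmode` and the cleartext AD transport; both are worth settling before the Peplink's Remote User Access authentication is pointed at the proxy.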