Two Factor VPN options?

phuongle · July 5, 2021, 11:13pm

Hi Noel,

For that, its really a DUO deployment that you will need to do.

Basically this is what you want to do - (i’ll link you to the documentation from DUO also)

Log in to your DUO mgmt portal
Go to Applications and - Protect an Application
Search for Microsoft RDP
Note your hostname, integration key , and secret.
Download the DUO RDP client and install it on the workstation that you want to enable 2FA on
During installation, you’ll enter the hostname,i-key, s-key

Once you have this installed, your users need to be created in DUO and the username must match the windows login that they are using.

inegralsystemsok · July 30, 2021, 4:09pm

I have a Peplink Balance 30, and I am looking to setup Duo 2FA for VPN users. You have insight on that?

phuongle · August 2, 2021, 11:03am

It should work the same my FushionHub?

Do you happen to have active support from peplink? In my quest for getting DUO 2FA setup, I had to have them send me a custom firmware for some adjusted time out settings,etc.

The basics of this deployment would require you to have a server running the DUO proxy with ldap/ldaps look up enabled.

I couldnt get my radius setup properly but that’s another alternative also to get it implemented.

inegralsystemsok · August 3, 2021, 10:02pm

I have DUO proxy running on the server and it passes all connectivity steps for LDAP. Not sure how to have the L2TP VPN connections from the peplink use 2FA.

phuongle · August 4, 2021, 7:51am

On your peplink device, under the network → Remote User Access

You would change authentication to LDAP server. You would then use the Duo Proxy as the LDAP target

A quick break down of the auth process would be :

Users request L2TP vpn connection to your pepwave
Pepwave directs LDAP look up to the DUO Proxy
DUO Proxy contacts your AD/LDAP server for auth
DUO sends push/prompt for access

inegralsystemsok · August 4, 2021, 8:28am

Thank you so much. You are so helpful! I think my problem may be that my Peplink Balance 30 doesn’t remote user auth via LDAP/RADIUS. When I navigate there, I do not even see a setting for authentication,

Reading through this thread, Radius auth for PPTP/L2TP VPN - #4 by sitloongs, it appears that the Balance 30 just can’t do it.

phuongle · August 4, 2021, 8:48am

Ahh gotcha!

SIR · January 24, 2023, 6:11pm

I understand that this is an old thread but I have not had much luck finding information relating to 2FA/MFA or other methods for added security on VPN connections that are set up in Peplink devices such as Balance 20X and 310X. This thread did not provide much information on options such as the local user authentication in the Peplink device and or the types of VPN options, IPsec, OpenVPN etc. Considering the massive increase in cyber attacks I find it strange that Peplink hasn’t focused more on this and that a thread started in 2016 didn’t amount to anything. If information is available elsewhere I’d certainly like to know.

nicobar · May 18, 2024, 4:09pm

+1 on this topic.
May 2024, there is still no 2FA available for FusionHub images. I can just tell you my password and the static IP and you can log in, I don’t even get a notification that someone has logged in!

Am I missing something?

mldowling · May 19, 2024, 4:44pm

Hello @nicobar,
Welcome back, Nicola, to the Peplink Community Forum.

One of the best and most secure ways (including with 2FA/MFA) to manage the Peplink FusionHub is via the Peplink InControl2 platform. When set up correctly, there is no way to log in directly from the outside world into the FusionHub; the only way available is via Peplink’s InControl2 portal using the encrypted Remote Web Admin.

Happy to Help,
Marcus

Gavin_Pitt · May 30, 2024, 11:18am

Agreed I would love to know as well.