Two unrelated feature requests

I have two unrelated feature requests:

  1. This one may seem odd, and it only would work on the present product line if the USB port supports connecting to USB devices through USB hubs if one needs to support this plus USB modem fallback. But I’d like to see support added for hardware keys like YubiKeys.
    In other words, require a hardware token to be plugged into the router’s USB port in order to login for administration purposes. It would be a cheap way to add another level of security. Whether admins leave the token plugged in all of the time, or don’t, is their business. But it might be one way of requiring the admin mucking with the router to be physically at the router’s location. Which might be valuable for some people. It certainly would be a unique feature, as near as I can tell.

Anyway, worth thinking about.

  2. The other request, which would be of use to me now, is to extend the “Internal Network Firewall Rules” (Advanced –> Firewall –> Access Rules) to NOT be limited to transitions between VLANs. Right now, these rules only seem to be active for internal traffic between VLANs. I would like to see these rules also be enforced (or allow them to optionally be enforced with a checkbox?) between devices on the same VLAN.

Hi,

  1. Hardware Two Factor Authentication is an interesting idea but it kinda goes against the trend of easy remote management using a centralised service - so unlikely to be something we’d consider. We do support two factor authentication on InControl though, and local device admin accounts can be authenticated against an enterprise RADIUS server currently - so perhaps we could consider 2FA for local device logon in the future if that was a popular requirement.

  2. Firewall rules between devices on the same VLAN is not really practical - especially when the Peplink isn’t the only device that is presenting the VLAN to the end devices (such as an additional managed switch), since the network traffic flowing between the two devices in question wouldn’t come anywhere near the Peplink and would instead flow directly between the endpoints. If you want to restrict traffic flow between two devices they need to be in their own VLANs or firewall rules need to be in place on the client end points themselves.

Motion to vote for yubikey support? Moved and seconded!

I also use Yubikey 5s religiously, and would love to see support for them, both locally as well as in IC2.

I was hoping for a bit of a different approach for Yubikey login, but highly welcome the aforementioned approach in regards to plugging the Yubikey directly into the router.

The other approach that I would like to see is having to plug the Yubikey into your computer to verify web interface access login.

Just adding the Yubico API for One Time Password login (OTP) to the web interface would be a great security upgrade and I don’t think it would be too much work in the development phase. After all, WordPress does it with just a simple plugin.

Either way, to emphasize my support for Yubikey, I would just like to point out that Yubico (and their partnership with Google) is on the forefront of encryption key technology, and Peplink is on the forefront of proprietary router/switch technology. I think it would be a great match to show some support for Yubikeys and possibly the brand new Librem Key from Purism.