This guide shows how to set up Windows VPN 2FA (two-factor authentication) using Protectimus multi-factor authentication system. After integrating Windows VPN with the Protectimus MFA system, to connect to Windows VPN, users will need to pass two stages of authentication:
- Enter their username and password.
- Enter the one-time passcode, which is only valid for 30 seconds.
To generate one-time passcodes, the following types of two-factor authentication tokens will be available to your users: a 2FA application on a smartphone; delivery of one-time codes via Telegram, Viber, and Facebook Messenger; physical TOTP tokens; delivery of one-time codes by e-mail or SMS.
It is almost impossible to hack a standard password and a one-time password simultaneously. Therefore, two-factor authentication is a must-have element in protecting Windows VPN user accounts from unauthorized access and hacking using attacks such as phishing, brute force, keyloggers, social engineering, and the like.
1. Two-Factor Authentication for Windows VPN – How It Works
This guide shows you how to set up two-factor authentication for Windows VPN using the Protectimus Cloud-based Two-Factor Authentication Service or the Protectimus On-Premise 2FA Platform and the RRAS component. RRAS integration with Protectimus via the RADIUS authentication protocol is required.
The scheme of work of the Protectimus two-factor authentication solution for Windows VPN is shown below.
2. How to Enable Windows VPN 2FA
You can set up Windows VPN two-factor authentication (2FA) with Protectimus using the RADIUS protocol:
- Get registered with Protectimus SAAS Service or install the On-Premise 2FA Platform and configure basic settings.
- Install and configure Protectimus RADIUS Server.
- Install and configure RRAS.
- Configure Windows VPN authentication policies.
2.1. Get Registered and Configure Basic Protectimus Settings
- Register with the Protectimus Cloud Service and activate API or install the Protectimus On-Premise Platform (if you install Protectimus Platform on Windows, check the RProxy box during the installation).
- Add Resource.
- Add Users.
- Add Tokens or activate Users’ Self Service Portal.
- Assign Tokens to Users.
- Assign Tokens with Users to the Resource.
2.2. Install and Configure Protectimus RADIUS Server
Detailed instructions for installing and configuring the Protectimus RADIUS Server for OpenVPN 2-factor authentication using RADIUS are available here.
Specify “inline-mode” in the configuration file. In the “auth” section, add the following settings (you may specify any separator):
inline-mode:
  enabled: true
  separator: ','
2.3. Install and Configure Routing and Remote Access Service (RRAS)
RRAS installation
- Open Server Manager and select “Add Roles and Features Wizard” from the Manage menu.
- In the “Server Roles” section, select “Remote Access”.
- In the “Role Services” section, select “Direct Access and VPN (RAS)”.
- Complete the installation.
RRAS setup
- Start “Routing and Remote Access”.
- Select “Deploy VPN only”.
- Right-click on the server name, then select “Configure and Enable Routing and Remote Access”.
- Select “Custom Configuration”.
- Next, check “VPN Access”.
- Complete the installation and start the service.
Authentication setup
- Go to settings by right-clicking on the server name and selecting “Properties”, then switch to the “Security” tab.
- Select “RADIUS Authentication” from the “Authentication Provider” drop-down list.
- Click on the “Configure” button in the same drop-down list.
- Next, add a new server:
- Server name: IP address of the computer where the RADIUS server is installed.
- Shared Secret: the shared secret that was specified in the radius.yml file when configuring RADIUS.
- Also select “Always use message authenticator”.
- Leave the rest of the settings as default.
- Save the added server.
- Next, click on the “Authentication Methods” button.
- In the window that appears, leave only “Unencrypted password (PAP)” selected.
- Save all settings.
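What the shared secret and the “Always use message authenticator” option set in the steps above do on the RRAS-to-RADIUS hop, as an added Python example (not Protectimus or Microsoft code): it builds a PAP Access-Request with the User-Password hidden per RFC 2865 and signed with a Message-Authenticator per RFC 2869, then runs the server-side check. The user name, password, and secret used with it are constructed sample values.

```python
import hashlib
import hmac
import os
import struct

USER_NAME, USER_PASSWORD, MESSAGE_AUTHENTICATOR = 1, 2, 80  # RADIUS attribute types

def attr(code: int, value: bytes) -> bytes:
    return bytes([code, len(value) + 2]) + value

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 5.2: XOR the zero-padded password with an MD5(secret + prev) keystream."""
    n = max(1, -(-len(password) // 16)) * 16  # pad to a multiple of 16, at least 16
    padded, out, prev = password.ljust(n, b"\x00"), b"", authenticator
    for i in range(0, n, 16):
        pad = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], pad))
        out += prev
    return out

def build_access_request(user: str, password: str, secret: bytes, sign: bool = True) -> bytes:
    """Access-Request as a RADIUS client (NAS) sends it when PAP is the only method."""
    authenticator = os.urandom(16)
    attrs = attr(USER_NAME, user.encode())
    attrs += attr(USER_PASSWORD, hide_password(password.encode(), secret, authenticator))
    if sign:
        attrs += attr(MESSAGE_AUTHENTICATOR, b"\x00" * 16)  # placeholder, filled below
    packet = struct.pack("!BBH", 1, 1, 20 + len(attrs)) + authenticator + attrs
    if sign:  # RFC 2869 5.14: HMAC-MD5 over the whole packet with the field zeroed
        packet = packet[:-16] + hmac.new(secret, packet, hashlib.md5).digest()
    return packet

def verify_message_authenticator(packet: bytes, secret: bytes) -> bool:
    """Server-side check: False if the attribute is missing, malformed, or fails the HMAC."""
    pos = 20  # attributes start after the 20-byte header
    while pos + 2 <= len(packet):
        code, length = packet[pos], packet[pos + 1]
        if length < 2 or pos + length > len(packet):
            return False
        if code == MESSAGE_AUTHENTICATOR and length == 18:
            zeroed = packet[:pos + 2] + b"\x00" * 16 + packet[pos + 18:]
            expected = hmac.new(secret, zeroed, hashlib.md5).digest()
            return hmac.compare_digest(expected, packet[pos + 2:pos + 18])
        pos += length
    return False
```

Both the password hiding and the HMAC depend only on the shared secret from radius.yml, so a long random secret matters more here than on methods that add their own protection.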
2.4. Set Up Windows VPN
- Go to VPN settings.
- Click “Add a VPN connection”.
- VPN provider: Windows (built-in).
- Server name or address: your server address.
- Type of sign-in info: Username and password.
- Save the VPN connection.
- Next, go to the adapter settings: Control Panel > Network and Internet > Network Connections.
- Right-click on the created VPN connection adapter and click Properties.
- In the “Security” tab, select “Allow the following protocols”.
- Leave only “Unencrypted password (PAP)”.
- Save the settings.
- You have completed the Windows VPN 2FA setup, now you can test the connection.
The integration of two-factor authentication into Windows VPN is complete. If you have questions, please contact Protectimus Support.
Last updated on 2022-10-04