Server2012 L2TP VPN uses AD domain account + TOTP two-factor authentication

totp

#1

Hi all,
I built an L2TP VPN on Server 2012. It works when using RADIUS authentication in NPS. When I want to use two-factor authentication with privacyIDEA and the L2TP VPN is integrated with freeradius, an error message appears. For detailed error information, see the attached error log. I previously tested OpenVPN successfully; please help me see where the L2TP VPN is going wrong.

[Attachments: radius, L2VPNconf, Privacyidea configuration file, privacyidea log, privacyidea GUI]


#2

You get a result-status false in the freeradius log.

"privacyIDEA Result status is false!"

This means that privacyIDEA was not able to handle the request.

You should take a look in the privacyidea audit log or increase the log level to take a look at the privacyidea.log file.
The time of the privacyidea.log file does not match the error in the freeradius log!


#3

Hi Cornelius,
Thank you for your help.
I tested today that L2TP using PAP authentication is successful, but using CHAP or CHAP-v2 will result in the error “privacyIDEA Result status is false”.

In addition, the error “ERR905: Missing parameter: ‘pass’” is reported in the Audit of privacyIDEA. Is it true that freeradius does not support CHAP authentication? The attachment is my error information.

Could you please help me to find out the reason? Thanks.
Error message
[Attachment: privacyidea Audit1]

The PAP certification is OK. Please find the attached picture.
[Attachment: PAP is OK]


#4

OTP in this case only works with PAP.
It cannot work with CHAP by design.
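
Added example, not part of the original thread and not privacyIDEA or FreeRADIUS code: it contrasts the RFC 2865 PAP `User-Password` hiding, which the RADIUS server can reverse, with the RFC 1994 CHAP response, which is a one-way MD5 digest. `build_validate_params` is a hypothetical stand-in for whatever forwards the request to the OTP backend, and the shared secret, authenticator, challenge and PIN+OTP value are constructed sample data.

```python
import hashlib
import hmac

SECRET = b"testing123"            # constructed RADIUS shared secret
AUTH = bytes(range(16))           # constructed Request Authenticator
CHALLENGE = bytes(range(16, 32))  # constructed CHAP challenge
OTP_PASS = b"4711755224"          # constructed PIN + OTP typed by the user

def _pap_xor(data: bytes, secret: bytes, auth: bytes, data_is_cipher: bool) -> bytes:
    # RFC 2865 5.2: each 16-byte block is XORed with MD5(secret + previous cipher block)
    out, prev = b"", auth
    for i in range(0, len(data), 16):
        key = hashlib.md5(secret + prev).digest()
        block = bytes(a ^ b for a, b in zip(data[i:i + 16], key))
        out += block
        prev = data[i:i + 16] if data_is_cipher else block
    return out

def pap_hide(password: bytes, secret: bytes, auth: bytes) -> bytes:
    size = max(16, -(-len(password) // 16) * 16)  # pad to a multiple of 16
    return _pap_xor(password.ljust(size, b"\x00"), secret, auth, False)

def pap_recover(hidden: bytes, secret: bytes, auth: bytes) -> bytes:
    return _pap_xor(hidden, secret, auth, True).rstrip(b"\x00")

def chap_response(chap_id: int, password: bytes, challenge: bytes) -> bytes:
    # RFC 1994: MD5(ID || password || challenge); the password cannot be derived from it
    return hashlib.md5(bytes([chap_id]) + password + challenge).digest()

def chap_verify(chap_id: int, response: bytes, challenge: bytes, known: bytes) -> bool:
    # The verifier must already hold the cleartext it expects
    return hmac.compare_digest(chap_response(chap_id, known, challenge), response)

def build_validate_params(user: str, attrs: dict, secret: bytes, auth: bytes) -> dict:
    # Hypothetical bridge: only a recoverable cleartext can be forwarded as 'pass'
    params = {"user": user}
    if "User-Password" in attrs:
        params["pass"] = pap_recover(attrs["User-Password"], secret, auth).decode()
    return params

if __name__ == "__main__":
    pap = {"User-Password": pap_hide(OTP_PASS, SECRET, AUTH)}
    chap = {"CHAP-Password": bytes([1]) + chap_response(1, OTP_PASS, CHALLENGE)}
    print("PAP :", build_validate_params("alice", pap, SECRET, AUTH))
    print("CHAP:", build_validate_params("alice", chap, SECRET, AUTH))
```

With the CHAP request the forwarded parameters contain no `pass`, which is consistent with the "Missing parameter: 'pass'" audit entry reported in post #3.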


#5

Thank you very much for your answer.
I also found your answer to this type of question in a Google search. Currently, I’m still a novice, and as far as I know of privacyidea, it’s a very powerful authentication system that supports many platforms.