Hi privacyIDEA community,
I am looking to integrate FortiGate IKEv2 IPsec VPN with Active Directory authentication and privacyIDEA OTP using FreeRADIUS.
My goal is to have MFA for VPN users, ideally with a second OTP prompt in the VPN client.
-
Is it possible to have privacyIDEA handle OTP verification for IKEv2 VPN sessions?
-
If yes, what is the recommended configuration on privacyIDEA and FreeRADIUS to achieve this?
-
Are there specific settings (e.g., EAP-MSCHAPv2) that need to be enabled for this scenario?
Any guidance, examples, or best practices would be greatly appreciated!