TOTP VPN to watchguard via radius - group

1

Hello, I have hit a Wall I don’t know what to do, plz save me!
I want to do 2FA with TOTP on a watchguard VPN. I setup my Radius server with the perl pluggin on another VM.
Everything work when I try to use the Radius with the web interface of the privacyidea website.
Everything work when I test the radius locally. I can even see the Filter-ID: SSLVPN-USERS.
This is a VPN group from my AD that allow access to the watchguard VPN.

image
image975×258 90.6 KB

image
image975×144 42.2 KB

As you can see, the VPN group is included in the radius answer.
As you can see on the screenshot bellow, from my firewall. My radius doesn’t include the right group membership in his answer to allow watchguard to allow my vpn connection.

image
image975×278 88.8 KB

Is it the fault of my Firewall that doesn’t understand the AD group? Is it possible forms me to use a group directly on my firewall? What is my option? I I’m missing something ?

This is my rl.perl.ini file :

image
image783×681 103 KB

2

image

I fix it, I did not undestard how regex work.
Not the response of the Filter-Id is the group name only.

I kind of strange to because, I created a local security group on my Firewall for the radius server. To make the thing work I had to recreate the same group in my AD. I guest It was needed to include the correct group in the Filter-Id attribute

1 Like