3

I'm setting up a VPN that needs to have clients on Linux, Windows, and Mac.

I was planning to use a PPTP client, with RADIUS to the SecurID RSA install, but I can't find any way to set up a Linux client that has PPTP/SecurID support.

What have other people done in this situation? OpenVPN? Is there a guide to setting up SecurID tokens on an OpenVPN client?

Cisco VPNs aren't really a solution here, since I need to implement it in software on the server-side, but I could do a Linux-based IPSEC VPN.

Any suggestions would be appreciated.

User

1 Answer

3

The SecurID tokens aren't supported because the validation software is non-free, as far as I know. I've had a lot of fun with the yubikey hardware OTP generator for better-than-username-and-password authentication via PAM. The yubikeys are also noticeably cheaper than SecurID tokens, and don't seem to have a limited lifespan.

Specifically, I've set up ssh using the yubikey for authentication, which opens up the possibility of using ssh-based VPNs. My writeup's at http://www.teaparty.net/technotes/yubikey.html if it's of any use to you. Everything involved is GPLed or better.

I've also seen people using PAM-based authentication steps with OpenVPN, which opens the possibility of getting OpenVPN to work with the yubikey. The guys at Securix Live say they're working on a fully two-factor PAM module for the yubikey, and while I haven't been able to get it to work yet, that would give you the final piece of what you asked for.

If you do get OpenVPN working with a yubikey, do let us know - and write about it!

MadHatter
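
A two-factor OpenVPN login with a yubikey, as the answer suggests, needs a step that separates the password from the OTP and ties the token to the user who presents it. The sketch below is an added example, not code from the answer or from any project it names. It assumes the client sends the password and a 44-character Yubico OTP concatenated in one field, and a `user:publicid` mapping file in the style pam_yubico uses; all function names are hypothetical, and the password check and the OTP validation itself are left to PAM and the validation service.

```python
import hmac

MODHEX = set("cbdefghijklnrtuv")   # Yubico's modhex alphabet
OTP_LEN = 44                       # 12-char public ID + 32-char encrypted part
ID_LEN = 12


def parse_mappings(text):
    """Parse 'user:publicid[:publicid...]' lines into {user: [ids]}."""
    mapping = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        user, *ids = line.split(":")
        mapping[user] = [i for i in ids if i]
    return mapping


def split_credential(secret):
    """Split 'password' + OTP; return (password, public_id, otp) or None."""
    if len(secret) <= OTP_LEN:
        return None                      # no room for a password factor
    password, otp = secret[:-OTP_LEN], secret[-OTP_LEN:]
    if not set(otp) <= MODHEX:
        return None                      # trailing 44 chars are not an OTP
    return password, otp[:ID_LEN], otp


def token_belongs_to(user, public_id, mapping):
    """Constant-time check that this token is enrolled for this user."""
    return any(hmac.compare_digest(public_id.encode(), known.encode())
               for known in mapping.get(user, []))


def precheck(user, secret, mapping):
    """Return (password, otp) for further validation, or None to reject."""
    parts = split_credential(secret)
    if parts is None:
        return None
    password, public_id, otp = parts
    if not token_belongs_to(user, public_id, mapping):
        return None                      # valid-looking OTP, wrong owner
    return password, otp


# Constructed sample data: not real users or tokens.
SAMPLE_MAP = parse_mappings("# user:token ids\nalice:cccccccfhcbe\nbob:ccccccdelrtu:\n")
SAMPLE_OTP = "cccccccfhcbe" + "bdefghijklnrtuvcbdefghijklnrtuvc"
```

Rejecting a bare OTP and a token enrolled to a different user before any network validation keeps the login genuinely two-factor and stops one user's key from authenticating another account.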