Hi Everyone,

My $dayjob issues Windows laptops for remote work. The laptops are installed with Cisco AnyConnect. I am fairly certain AnyConnect is using an SSTP configuration (but I have not confirmed with Wireshark). When I connect to the VPN using AnyConnect, I have to enter a {username,password} pair, and then an MFA challenge code.

The point-to-site VPN leaves a lot to be desired. The VPN is not available until I log in, and my profile is not loaded at Windows login or saved at logout.

I want to create a site-to-site VPN. I want to add a Debian-based router on my internal network, and then connect the laptop directly to the router. I think my choices are strongSwan or OpenVPN.

My question is, does strongSwan or OpenVPN allow on-demand VPN over SSH with credential prompts? That is, I want to SSH into the router, then manually enter username, password and MFA code when I start the VPN. I believe I can use charon-cmd for the {username, password} prompt, but I am less clear on the MFA challenge that follows.

Thanks in advance,
Jeff