On Fri, Nov 08, 2013 at 02:38:33PM +0200, Kapetanakis Giannis wrote:
> Hi,
>
> I would like to discuss some suggestions about VPN to multiple road
> warriors.
>
> So far we're using OpenVPN, but I want to change that or maybe
> offer L2TP/IPsec in addition to OpenVPN.
>
> Playing around with npppd was straightforward and I was quite
> impressed with it. Good job.
> EAP-TLS would also be a very nice feature to have.
>
> What I'm wondering is what you guys do to set up the ipsec path of
> the tunnel.
>
> One option is to use a unique pre-shared key for all clients. But
> this is probably insecure since
> it opens MITM attacks. Isn't it?
>
> Best option would be to use a PKI infrastructure for your
> clients. Isn't that a pain in the ass for users (user registration,
> key deliveries etc).
> How do you guys manage this for best user experience and
> compatibility with most OSes?

Is there a dual-factor authentication for VPN on OpenBSD? We use Gemalto
tokens with fixed password at work, although it's not OpenBSD based.

jirib