2FA for VPN
Good morning from the not so sunny UK!
We have several ER7206 (and a few ER605) based at different clients sites, and we would like to have the ability to add 2 factor authentication to the VPN setup please. This feature nowadays is a must have for cyber assurance purposes, so it seems daft to have to implement another VPN solution when you have 99% of it already built into the router. It's just missing that last option!
Even the OpenVPN server built into the ER7206 doesn't appear to have the option for 2FA, and to my knowledge this is standard option for the OpenVPN server.
This router fulfills all of our requirements and the Omada ecosystem as a whole is fantastic, it's just this one drawback!
Many thanks.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
seki1975 wrote
It's a great shame that such a large company as TP-LINK hasn't been able to solve this yet, perhaps through QR or some other method... the question is whether they will solve it at all... and yet they sell their most expensive network products as "BUSINESS class", which has nothing to do with this segment, I would say, because 2FA authentication is the very basis of VPN security.
I agree that 2fa would have been nice to have on the Omada controller, but I am very interested in what you write, you make it sound like all enterprise solutions have 2fa built in as standard, do you have any examples of who comes with this in their solutions without being dependent on third party software? You can use 2fa with Omada if you use, for example, Microsoft Radius Server and Omada SSL Server. I have worked a lot with Cisco Unifi and Mikrotik in recent years, none of them have 2fa built in. So again I am very interested in products with 2fa as standard out of the box.
- Copy Link
- Report Inappropriate Content
Vigor3910, Vigor2962, firmware version 4.3.2 or later .....about 5 years old device....
- Copy Link
- Report Inappropriate Content
A router that has 2FA out of the box, yes that's not bad, I guess Omada comes with 2FA too so then there will be two that have 2FA. We'll give them some time in the meantime, Vigor routers are a good alternative for anyone who wants 2FA out of the box.
- Copy Link
- Report Inappropriate Content
I wrote this here before in the forum...but it's been about a year and no change, so TP LINK has also improved it? It seems not....I have OMADA but I use it locally in the installation room not in front of CLOUD OMADA .....ER706W v1.0
- Copy Link
- Report Inappropriate Content
Good day one and all!
So it's been a fair while now and still nothing. We've found ways around this to a degree, but it would be just soooooo much easier if it was a tick box for "Allow 2FA" and then you give the user a QR code.
I take it at this point that itt's just a no go and we should give up on hopes of this ever becoming a feature? I'm actually amazed that this hasn't been requested more!
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
We basically setup an external RADIUS server in the SSLVPN that points to a PrivacyIdea server. The way it works is that it uses a standard password + the TOTP at the end, so if your password is PASSWORD and yout TOTP code is 123456, then your password for your VPN connection is PASSWORD123456. Reason why it was setup like this is something to do with the OpenVPN in the Omada not accepting challenge requests (or something like that! One of our nerdy guys set this up!).
Whilst not true 2FA, it's certainly better than what TP Link has given us! Just imagine what a great product the whole Omada system could be if they would just add native 2FA VPN into it!
- Copy Link
- Report Inappropriate Content
I understand, I use wireguard and I was also considering 2FA there but I don't know how to do it in this case
- Copy Link
- Report Inappropriate Content
Information
Helpful: 18
Views: 15750
Replies: 58
Voters 18
