AuthPoint Support for MSCHAPv2 / IKEv2 VPNs Is Now Available!
We are happy to announce that AuthPoint Gateway v5.3.1 was just launched, adding support for RADIUS MSCHAPv2 authentications to Active Directory. This means that you can now create IKEv2 VPNs, authenticating users to Active Directory, using AuthPoint as your MFA solution.
Why IKEv2?
- IKEv2 is the most secure VPN option available today
- It is natively available on Windows, macOS, and iOS, and it is easily used among Android users with apps such as StrongSwan
- For Firebox customers, being IPSec-based, IKEv2 can take advantage of crypto acceleration available on Firebox appliances, providing better performance than SSL or L2TP
You can take a look at the basic configuration needed at:
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/authpoint/resources_radius.html
And here you can find the integration guide with Firebox, including Microsoft NPS configuration:
It’s important to notice that IKEv2/MSCHAPv2 multi-factor authentication will only work with push-based authentication. Time-based OTPs cannot be used, since the typed in password plus OTP would be hashed together, so AuthPoint wouldn’t be able to retrieve the OTP part from the password.
Thanks for all that participated in our Beta Program!