How to set up P2S with Radius Auth using Okta Radius Agents
Hello,
I need help on setting up a P2S configuration using Radius Auth but usign Okta Radius Agents.
I am unable to configure the Azure VPN Client or the Open VPN GUI to prompt the Second Factor message received from Okta MFA.
Do you have some working scenarios using Okta Radius Agents ?
Kind regards,
Mihai Stanciu
Azure VPN Gateway
-
KapilAnanth-MSFT 23,406 Reputation points • Microsoft Employee
2023-09-01T11:24:06.04+00:00 Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.
When you're using RADIUS authentication, there are multiple authentication instructions:
- certificate authentication,
- password authentication and
- other authentication methods and protocols. The VPN client configuration is different for each type of authentication.
Can you please let us know what authentication method are you using with RADIUS?
Cheers,
Kapil
-
KapilAnanth-MSFT 23,406 Reputation points • Microsoft Employee
2023-09-05T05:38:53.4833333+00:00 May I know if you got a chance to review my previous comment?
Please let me know if you are facing any challenges or if there are any follow-up questions, I shall be glad to address them.
Thanks,
Kapil
-
KapilAnanth-MSFT 23,406 Reputation points • Microsoft Employee
2023-09-06T08:58:47.7+00:00 Can you please update us if the action plan provided was helpful?
Should there be any follow-up questions or concerns, please let us know and we shall try to address them.
Thanks,
Kapil
-
KapilAnanth-MSFT 23,406 Reputation points • Microsoft Employee
2023-09-07T13:24:01.6366667+00:00 Reaching out to check if there are any questions on this.
Please let us know if we can be of any further assistance here.
Thanks,
Kapil
-
Mihai Marius Stanciu 0 Reputation points
2023-09-15T07:34:05.5366667+00:00 Hello. Okta Radius Support only PAP so i am using password Authentication.
It seems there is a problem with the protocol used by Azure VPN which uses EAPTLS and Okta Radius uses PAP. Is there any way to make them communicate in the same protocol?
If we can have a call that would be perfect.
https://help.okta.com/en-us/content/topics/integrations/radius-best-pract-flow.htm
-
Mihai Marius Stanciu 0 Reputation points
2023-09-15T07:37:13.3233333+00:00 -
KapilAnanth-MSFT 23,406 Reputation points • Microsoft Employee
2023-09-15T08:06:17.1533333+00:00 Currently, the supported Authentication Methods are
- EAPMSCHAPv2
- EAPTLS
I would suggest you to check if the third party can use any of the above authentication methods supported.
Cheers,
Kapil
-
Mihai Marius Stanciu 0 Reputation points
2023-09-22T07:55:57.2433333+00:00 As per this link https://learn.microsoft.com/en-us/azure/vpn-gateway/point-to-site-vpn-client-configuration-radius-other, Azure VPN uses PAP to communicate with Radius " If you have Point to Site VPN configured with RADIUS and OpenVPN, currently PAP is only authentication method supported between the gateway and RADIUS server" . I have the setup done, i get the sign in the problem is that azure vpn receives the Access-Challenge but doesn't correctly process it, and from the diagnostics logs i am not able to find out why, and microsoft support ticket i opened is not able to provide more information on the logs .
Since the Access-Challenge is received by the Azure VPN for sure is a problem with how that radius message is processed since the Client doesn't show the MFA challenge and Azure VPN authenticates the session.
Kind regards,
Mihai Stanciu
-
KapilAnanth-MSFT 23,406 Reputation points • Microsoft Employee
2023-09-25T05:31:56.8566667+00:00 To troubleshoot this issue further, I think we will need a specialized 1:1 session, where a support engineer can have a screen share session to pinpoint the issue.
If you have a support plan you may file a support ticket, else please do let us know, we will try and help you get a one-time free technical support.
Cheers,
Kapil
-
Mihai Marius Stanciu 0 Reputation points
2023-09-26T13:29:03.0033333+00:00 Hello,
I have opened a support request with Microsoft, but wasn't able to make it work .
If it is possible to get a technical support that would be much appreciated.
Kind regards,
Mihai Stanciu
-
KapilAnanth-MSFT 23,406 Reputation points • Microsoft Employee
2023-09-26T15:20:32.8633333+00:00 Can you please share the SR number of your case to AzCommunity[At]Microsoft[Dot]Com with the below details.
Subject : Attn Kaananth Thread URL: Link to this thread.
- Subscription ID : Subscription ID of VPN Gateway
- SR Number : SR number of your case I shall try to track the case internally and discuss the what is the blocker with the Support Engineer
Cheers,
Kapil
Sign in to comment