Racoon PAM + google authenticator
-
Hello.
It's quite easy, I want to use the google 2 factor authentication with IPSEC/VPN.
I have successfully compiled and used 1 line password+code auth with PAM for SSH on pfsense. I found that you could configure racoon to use PAM by setting:
mode_cfg {
    auth_source pam;
    ..
    ..
}
This should then in theory go look for /etc/pam.d/racoon, and I would there be able to configure as I did with SSH, I hope.
The only smaaall problem is:
racoon: ERROR: /var/etc/racoon.conf:17: "pam" racoon not configured with --with-libpam
So, what to do?
1. Is what I'm trying to do even possible?
2. If so, do I need to build racoon myself, or is there some kind of package available to install?
3. Is there a better way to do the one-line-password+code google authenticator auth over IPSEC/VPN? Radius or something like that?
Thanks!
/Basse
-
Well, I did it (at least I think so :P).
1. Recompiled ipsec-tools with PAM support
2. Copied racoon & racoonctl from my compile-vm to the PFSense VM.
3. created /etc/pam.d/racoon
4. changed auth_source to pam
And now it works, when I connect I provide my password as:
xauthpassword + googlecode, e.g. "supersecretpassword123456", and it's great success!
Only problem is, I'm waay too bad at freebsd/compiling stuff to use this racoon-build live :/ No idea what I missed and how many security-holes I have opened up.
EDIT: Is it possible to get the PFSense-team to build the release with ipsec-tools configured with PAM?
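The single-field login described in the post above (XAUTH password immediately followed by the code), as an added example that is not part of the thread and is not the code of racoon or of any PAM module: it splits the typed string, checks the trailing digits as an RFC 6238 TOTP, and rejects a code that was already accepted. Assumptions: 6-digit codes, a 30-second step, HMAC-SHA1 and one step of clock skew; the function names and the `check_password` callback are hypothetical, and the secret is the RFC 6238 test key.

```python
import base64, hashlib, hmac, struct, time

DIGITS, STEP, WINDOW = 6, 30, 1   # assumptions: code length, time step (s), skew in steps
RFC_TEST_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"  # RFC 6238 test key, sample only

def totp(secret_b32, at, digits=DIGITS, step=STEP):
    """RFC 6238 TOTP (HMAC-SHA1) for Unix time `at`."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = struct.pack(">Q", int(at) // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def split_response(response):
    """Split 'password' + 'code' typed into one field; None if malformed."""
    password, code = response[:-DIGITS], response[-DIGITS:]
    if not password or len(code) != DIGITS or not (code.isascii() and code.isdigit()):
        return None
    return password, code

def verify(response, secret_b32, check_password, now=None, used=None):
    """True only if both the code and the password are valid.
    `used` is a set of already accepted time steps (replay protection)."""
    now = time.time() if now is None else now
    used = set() if used is None else used
    parts = split_response(response)
    if parts is None:
        return False
    password, code = parts
    matched = None
    for skew in range(-WINDOW, WINDOW + 1):
        t = now + skew * STEP
        if t >= 0 and hmac.compare_digest(totp(secret_b32, t), code):
            matched = int(t) // STEP
    password_ok = check_password(password)       # evaluated even when the code is wrong
    if matched is None or matched in used or not password_ok:
        return False
    used.add(matched)                            # the same code cannot be accepted twice
    return True
```

Because the code is a fixed-length suffix, a password that itself ends in digits is still split correctly; only the last six characters are ever treated as the code.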
-
this is great!!!
I hope this gets included as an option for ipsec clients!