...

This article describes how to set up a VPN connection from the Advanced VPN Client for macOS to a LANCOM router with two-factor authentication (IKEv2-EAP-OTP).

Info

The configuration with a LANCOM Advanced VPN Client for Windows is described in this knowledge base article.


Requirements:

  • LANCOM router with at least 25 VPN licenses (Central-Site gateway, 19xx series router or LANCOM router with the VPN 25 Option)
  • Advanced VPN Client for macOS as of version 4.7x
  • LCOS as of version 10.70 REL (download latest version)
  • LANtools as of version 10.70 REL (download latest version)
  • Authenticator app for Android or iOS (e.g. Google Authenticator or Microsoft Authenticator)

...

Info

Repeat this step for each VPN user.

Note

The Secret may contain only capital letters and the digits 2 to 7 (see RFC 3548). Otherwise the configuration cannot be written back to the router via LANconfig!

If Google Authenticator is used, the Secret must be at least 16 characters long, as otherwise the scan of the QR code will fail.
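
The Secret rules from this note as a check that can be run before entering a value in LANconfig. This is an added example, not LANCOM code; the function names are hypothetical, and the TOTP parameters (HMAC-SHA1, 6 digits, 30-second step) are assumed Authenticator app defaults that this article does not state.

```python
import base64
import hashlib
import hmac
import secrets
import struct

# Rules from the note above: capital letters and digits 2-7 only,
# at least 16 characters when Google Authenticator is used.
BASE32_ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"
MIN_LEN_GOOGLE_AUTH = 16


def check_secret(secret: str) -> list[str]:
    """Return a list of problems; an empty list means the Secret is acceptable."""
    problems = []
    bad = sorted(set(secret) - set(BASE32_ALPHABET))
    if bad:
        problems.append("characters outside A-Z / 2-7: " + "".join(bad))
    if len(secret) < MIN_LEN_GOOGLE_AUTH:
        problems.append(f"only {len(secret)} characters, need {MIN_LEN_GOOGLE_AUTH}")
    return problems


def new_secret(length: int = 16) -> str:
    """Generate a Secret from the OS CSPRNG; call once per VPN user."""
    return "".join(secrets.choice(BASE32_ALPHABET) for _ in range(length))


def totp(secret: str, unix_time: int, digits: int = 6, step: int = 30) -> str:
    """RFC 6238 TOTP with HMAC-SHA1 (assumed defaults, see lead-in)."""
    key = base64.b32decode(secret + "=" * (-len(secret) % 8))
    mac = hmac.new(key, struct.pack(">Q", unix_time // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


if __name__ == "__main__":
    # Constructed sample values, not taken from any real configuration.
    for candidate in ("JBSWY3DPEHPK3PXP", "abc123", "MZXW6YTBOI"):
        print(candidate, "->", check_secret(candidate) or "ok")
    print("new secret:", new_secret())
```

Comparing the output of `totp()` for the current time with the code shown in the Authenticator app confirms that the app and the stored Secret match before the first VPN login is attempted.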

...

  • Exchange Mode: From the drop-down menu, select IKEv2.
  • PFS Group: From the drop-down menu, select DH16 (modp4096).
Info

LANCOM Systems recommends using the PFS group DH16 (modp4096). For this purpose, DH16 must also be active in the encryption profile DEFAULT on the router (VPN → IKEv2/IPSec → Encryption).


5.6) Authentication via EAP-OTP cannot be configured in the wizard, so this must be done manually at a later stage. Click Next without making changes. 

...

IMPORTANT NOTE

6.4.1) If you are using LCOS firmware up to version 10.80, you must now enter the password of the RADIUS user assigned in step 3.5, directly followed by the one-time password (OTP) displayed in the Authenticator app when establishing the VPN connection.


6.4.2) If you are using LCOS firmware version 10.90 or later, the one-time password (OTP) displayed in the Authenticator app must be entered when establishing the VPN connection.



...
