RADIUS timeout with MFA authentication is not working

Glad that V18 has timeout setting for RADIUS configuration. However it does not seems to be working with SSL VPN users. We use Azure MFA - when users tries to login to SSL VPN client, users do get MFA calls for validation however after user validation, SSL VPN client fails to complete authentication. It work when we run test connection though. Already tired downloading new config file. 

 

Below is the error log - 

Tue Nov 05 16:40:27 2019 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key

Tue Nov 05 16:40:27 2019 Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication

Tue Nov 05 16:40:27 2019 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key

Tue Nov 05 16:40:27 2019 Data Channel Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication

Tue Nov 05 16:40:27 2019 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA

Tue Nov 05 16:40:27 2019 [SophosApplianceCertificate_C24077JKFJH6H05] Peer Connection Initiated with [AF_INET]192.168.1.78:8443

Tue Nov 05 16:40:28 2019 MANAGEMENT: >STATE:1572993628,GET_CONFIG,,,,,,

Tue Nov 05 16:40:29 2019 SENT CONTROL [SophosApplianceCertificate_C24077JKFJH6H05]: 'PUSH_REQUEST' (status=1)

Tue Nov 05 16:40:35 2019 SENT CONTROL [SophosApplianceCertificate_C24077JKFJH6H05]: 'PUSH_REQUEST' (status=1)

Tue Nov 05 16:40:40 2019 SENT CONTROL [SophosApplianceCertificate_C24077JKFJH6H05]: 'PUSH_REQUEST' (status=1)

Tue Nov 05 16:40:40 2019 AUTH: Received control message: AUTH_FAILED

Tue Nov 05 16:40:40 2019 SIGTERM[soft,auth-failure] received, process exiting

Tue Nov 05 16:40:40 2019 MANAGEMENT: >STATE:1572993640,EXITING,auth-failure,,,,,

Parents
  • Important: You need to set the radius server as the only "User Portal Service" in Authentication - Services. 

    Than log into the User Portal, download the "new" MFA enabled SSL VPN Policy.

    (while logging into User portal, MFA should be used - Please verify). 

    __________________________________________________________________________________________________________________

Reply
  • Important: You need to set the radius server as the only "User Portal Service" in Authentication - Services. 

    Than log into the User Portal, download the "new" MFA enabled SSL VPN Policy.

    (while logging into User portal, MFA should be used - Please verify). 

    __________________________________________________________________________________________________________________

Children