Seeking Advice on Implementing RADIUS with 2FA for VPN Security

[gamser]

Hey everyone, I’m implementing RADIUS with 2FA in our organization, and I’d love to hear your thoughts on the best practices or any potential pitfalls to avoid. We’re currently using RADIUS for our VPN, and we’re considering adding 2FA to strengthen security. Anyone have experience with this?

 

[tremet]

I’ve implemented RADIUS 2FA for our VPN, and it’s been a solid security upgrade. One key best practice is to ensure your RADIUS server has proper timeout settings, especially if you’re using push notifications for 2FA, like Duo or Google Authenticator. Another tip is to thoroughly test the user experience before rolling it out company-wide; some users may struggle with the added step, so clear instructions are crucial. Also, plan for backup methods in case users lose access to their 2FA device. Overall, it’s a worthwhile investment in security.

 

[niklaus]

Ensure your RADIUS server has proper timeouts, especially if using push notifications. Thoroughly test the user experience and provide clear instructions, as some users may struggle with the added step. Plan for backup methods in case users lose their 2FA device. Overall, it’s a worthwhile security investment