Two Factor Authentication with Radius

Just wondering if anyone has gotten 2FA working with Radius and a L2TP/IPSec VPN?

From what I can see, Vyos send the initial request to the Radius server OK, but when the Access-Challenge is returned, Vyos just drops the client connection with an access-denied message.

I can’t see anything relevant in the logs either…


It sounds like there might be a number of things going on - have you tried the same VPN config with local auth to isolate Radius from the equation?

Also, not that it’s related to the problem at hand, but you might find it a bit easier to roll SSL VPN with OpenVPN vs L2TP et al (not to mention for the security options). I threw together a Duo 2FA howto a while back that might come in handy: