Showing posts from March, 2017

How to setup Google Authenticator 2FA with a Watchguard SSL VPN Client for FREE!

My goal for the last year has been to figure out how to turn on 2FA (two factor authentication) for our WatchGuard SSL VPN Clients.  I found that Wright SMS2 worked best, so that is what I will document here.  Most of what I talk about here may also apply to other firewalls too.

The WatchGuard firewall supports 2FA with the Mobile VPN for SSL client, but your Radius server has to do the work.  You can find details about the WatchGuard support here.

So what are the options for getting Google Authenticator to work with WatchGuard for free?

OpenVPN - This was complicated to setup and would have to replace the WatchGuard VPN.  I had too many problems getting this to work and setup was complicated for the users who would have to remove the WatchGuard VPN and install the OpenVPN client.

FreeRadius - This sounded promising, but the Google Authenticator plugin was not well documented and I gave up getting it to support both Active Directory and Google Authenticator at the same time.  It seems tha…