Adjusting the VPN gateway configuration for one-time password request

Radius settings at the VPN gateway

With the settings in the RADIUS menu, advanced IPSec authentication (XAUTH) with the RADIUS server of the KOBIL SecOVID™ server is enabled. You must set the authentication type to the XAUTH value, and save the IP address of the KOBIL SecOVID™ server. Communication with the RADIUS server is password-protected. Here, please use the RADIUS password saved on the SecOVID server (configuration file \etc\SecOVID\clients).

  1. Go to System Management -> Remote Authentication -> RADIUS.

System Management-> Remote Authentication -> RADIUS

Relevant fields in the RADIUS menu

Field Description
Authentication Type Select Authentication Type XAUTH .
Server IP Address Enter the server IP address of the KOBIL SecOVID™ server, e.g. 192.168.0.111 .
RADIUS Password Enter the shared password used for communication between the RADIUS server and your device, e.g. radius_PWD .

Group description

Define a new RADIUS group description or assign the new RADIUS entry to a predefined group. The configured RADIUS servers for a group are queried according to priority and policy.

Possible values:

  • New (default value): Enter a new group description in the text field

  • <Group Name>: Select a predefined group from the list. e.g. xauth .

XAUTH Configuration

A RADIUS server must be used for advanced IPSec authentication (XAuth). Perform all necessary settings in the XAuth Profile menu.

  1. Go to VPN -> IPSec -> XAUTH Profiles -> New.

VPN -> IPSec -> XAUTH Profiles -> New

Relevant fields in the XAUTH Profiles menu

Field Meaning
Description Enter a description for the IPSec authentication, e.g. radius .
Role Here, select Server .
Mode Under Mode select RADIUS .
RADIUS Server Group ID Select RADIUS server xauth .

Activating the one-time password request on the VPN peer

To activate the one-time password request in the corresponding VPN peer configuration, the previously-configured Radius server profile is selected.

Under the option XAUTH Profil the Radius server profile of the KOBIL SecOVID™ server is selected. At the next setup of a VPN IPSec tunnel, the one-time password is requested and matched with the KOBIL SecOVID™.

  1. Go to VPN -> IPSec -> IPSec Peers -> .

VPN -> IPSec -> IPSec Peers ->

Relevant fields in the IPSec Peers menu

Field Meaning
XAUTH Select the Radius server profile of the KOBIL SecOVID™ server.

Copyright© Version 01/2020 bintec elmeg GmbH