How To Add WiKID Two-Factor Authentication To The Astaro Security Gateway


Astaro is a very popular Linux-based “all-in-one” security appliance offering spam filtering, malware protection, firewall, VPN, etc. The WiKID Strong Authentication Server is a dual-source two-factor authentication system. PINs are encrypted on a software token and sent to the WiKID server. If the PIN is correct, the encryption is valid and the account is active, a one-time password is generated, encrypted and returned to the user’s token, where it is decrypted and presented for use with network-based services. This document shows how to add WiKID two-factor authentication to the Astaro Security Gateway version 7 using Radius.

Configuring Radius On The Astaro Security Gateway

Log into the WebAdmin on the Astaro Server.

[Image: astaro_login]

Click on the Users link and then Authentication:

[Image: astaro_dashboard]

This will bring up the authentication management interface:

[Image: astaro_auth]

Select “Create Users Automatically”. Astaro will automatically create user objects whenever an unknown user successfully authenticates using WiKID.

Click on the Radius tab and then the Enable button to activate the form:

[Image: astaro_enter_wikid]

If you haven’t yet added the WiKID server to the network, click the green plus button on the Server line and add the WiKID server as a host. Use the internal network interface – you do not want Radius running on an external network because it is not encrypted. Keep the port as 1812. Type in the same shared secret as used on the WiKID server. Finally, click Apply to save the changes.

Now, you can configure your remote access services to use RADIUS:

[Image: astaro_pptp]

Configuring The WiKID Server

We assume that you’ve already installed the WiKID server and have it up and running. We will start by creating a new WiKID domain to hold the Astaro VPN users. On the WiKIDAdmin web interface, click on the Domain tab and then “Create New Domain”. This will bring up the Create Domain page:

[Image: wikid_create_domain]

The server code should be the zero-padded IP address of the WiKID server. The WiKID token clients will connect to the server over port 80 (because all the transactions are asymmetrically encrypted).

Next, we will create a network client for the Astaro server. In addition to opening a port on the firewall for the Astaro Security Gateway, this step will associate the WiKID domain and its users with the Astaro:

[Image: wikid_create_networkclient]

Radius traffic is encoded by a shared secret, so we need to enter the same shared secret here as we entered on the Astaro:

[Image: wikid_create_shared_secret]

That’s it!

[Image: wikid_nc_success]

Your users should now be able to log in to Astaro services using their WiKID credentials.
