anyone know how to deploy rsa-token for use with vpn software, small business so no real servers just a bunch of workstations
randallschwarts is missing, but thanks for the linkedin connect
mnathani_: Actual RSA tokens? Or would any two-factor auth work? Also what vpn software?
If both are free choices, OATH tokens like Google Authenticator have a PAM module which can be hooked up to OpenVPN on Linux
plett: I was looking at using Cisco ASA firewall for the VPN hardware
No OpenVPN then
nope
Do you have ASAs already, or are you going to be buying hardware for it?
buying
5505 is what I am looking at currently
Unless you have a hard requirement for ASAs specifically, I'd look at a software solution instead
we use openvpn with 2fa totp on linux, works fine
cert auth with totp as password
duo have a solution too
That's not to say that ASAs don't work, they're very good at what they do. But you can get a lot more bang for your buck in a much more flexible package by buying a pair of 1U servers and doing it in software. CPUs these days have hardware offloading of crypto operations, which makes nice and fast
friend of mine had a pair of openbsd boxes for vpn termination, both died hours before 10 years of uptime
hahaha
rip
And I've had pairs of failover ASAs both fail at the same time :)
even without hardware offload of crypto modern cpus are pretty good at it.
with 10 year servers it's not uncommon to turn them off then find they won't turn on again
if they haven't been power cycled recently.
Well at least that was my experience years back.
I haven't seen a computer that's been used for 10 years any time recently.
 FYI up_the_irons, mercutio - Upgraded zeit to Debian Jessie, and finally got around to setting up firewalling on it. Let me know if you have any problems with it. (It's set to allow incoming NTP connections obviously, rate-limit incoming ssh, monitoring connections from me, ping, and only allows outbound packets/connections to its upstream NTP servers, its configured DNS servers, apt-get updates and
sending mail.)
heh zeit has a lot of free ram
I have no idea why up_the_irons gave it 2GB. It could run on 256MB quite easily.
It's currently using 108MB (not counting cache etc)
how is debian apt-get with 256mb ram?
ubuntu with 256mb is pushing it these days