Example – Westermo RedFox Series User Manual
Page 845

Westermo OS Management Guide
Version 4.17.0-0
established with the same certificate; she interprets that as if Bob has moved to
a new location.
36.1.4.1.2 Use of username and password to authenticate clients:
Alice can add a second authentication step by requiring the VPN clients to provide a username and password in addition to the certificate. The example below shows the credentials configured at the VPN client (Bob):
Example
bob:/config/#> tunnel ssl 0
bob:/config/tunnel/ssl-0/#> identity bob password builder
bob:/config/tunnel/ssl-0/#> leave
bob:/#>
Alice will check these credentials either against a local user database or against
a backend RADIUS server. Examples for both alternatives are shown below.
• Local Database: Configuration at the VPN Gateway (Alice)
Example
alice:/config/#> aaa
alice:/config/aaa/#> local-db 1
Creating new local db 1
alice:/config/aaa/local-db-1/#> description openvpn-users
alice:/config/aaa/local-db-1/#> username bob builder
alice:/config/aaa/local-db-1/#> show
Type            : plain
Description     : openvpn-users
Number of users : 1

Username    Password
----------  ----------
bob         builder
alice:/config/aaa/local-db-1/#> end
alice:/config/aaa/#> end
alice:/config/#> tunnel ssl 0
alice:/config/tunnel/ssl-0/#> aaa-method local-db 1
alice:/config/tunnel/ssl-0/#> leave
alice:/#>
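An added example, not part of the Westermo manual: a Python check that parses a saved copy of the local-db "show" output from the example above and flags entries worth reviewing. The sample transcript is constructed from that example, the column layout is assumed from it (no whitespace inside usernames or passwords), and the 12-character minimum is an assumed policy value, not a WeOS setting.

```python
import re

# Constructed sample: the `show` output from the local-db example above.
SAMPLE = """\
Type            : plain
Description     : openvpn-users
Number of users : 1

Username    Password
----------  ----------
bob         builder
"""

MIN_LEN = 12  # assumed policy threshold, not a WeOS default


def parse_local_db(text):
    """Return (header fields, [(username, password), ...]) from `show` output."""
    fields, users, in_table = {}, [], False
    for line in text.splitlines():
        line = line.strip()
        if in_table:
            parts = line.split()
            if len(parts) == 2:  # one username and one password per row
                users.append((parts[0], parts[1]))
        elif re.fullmatch(r"-+\s+-+", line):  # dashed rule opens the table
            in_table = True
        elif ":" in line:  # "Key : value" header line
            key, value = line.split(":", 1)
            fields[key.strip().lower()] = value.strip()
    return fields, users


def audit(text):
    """Return a list of (subject, finding) tuples for one local-db listing."""
    fields, users = parse_local_db(text)
    findings = []
    if fields.get("type") == "plain":
        findings.append(("local-db", "type plain: passwords listed in cleartext by show"))
    declared = fields.get("number of users")
    if declared is not None and declared.isdigit() and int(declared) != len(users):
        findings.append(("local-db", "declared user count does not match table rows"))
    for name, pw in users:
        if len(pw) < MIN_LEN:
            findings.append((name, f"password shorter than {MIN_LEN} characters"))
        if pw.lower() == name.lower():
            findings.append((name, "password equals username"))
    return findings
```

Calling audit(SAMPLE) on the listing from the example reports the cleartext listing and bob's short password.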
• Backend RADIUS server: Configuration at Alice (VPN Gateway)
© 2015 Westermo Teleindustri AB