Fail to authenticate Aviatrix VPN Client using DUO-enabled Okta
I'm using Okta for Aviatrix VPN authentication. On their website, apparently support using Okta. http://docs.aviatrix.com/HowTos/HowTo_Setup_Okta_for_Aviatrix.html
My problem is that after I setup gateway with Okta authentication in Aviatrix, I cannot login via VPN client when DUO is enabled. The authentication simply failed with the following log:
2018-02-08 06:27:33 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1) 2018-02-08 06:27:33 AUTH: Received control message: AUTH_FAILED 2018-02-08 06:27:33 SIGTERM[soft,auth-failure] received, process exiting
And on Okta side I'm seeing the following two events in sys log, but my phone was never prompted with any challenge. And I noticed in the "Evaluation of sign-on policy" event, the user-agent has the following property:
Browser UNKNOWN OS Linux RawUserAgent OktaOpenVPN/0.9.2 (Linux 3.13.0-74-generic) CPython/2.7.6
If I deactivate DUO, then the login will pass.
I want to know is it supported to use DUO-enabled Okta for other platform's authentication? If so, is it that Aviatrix is not calling Okta using the right way?
Thank you for reaching out today! While we currently do not have documention around integrating the Aviatrix VPN, most factor options should be supported when authenticating to a VPN client via means of the Radius Agent and Radius App:
As a suggestion, could you confirm if you are able to authenticate with any other factor methods such as SMS or Okta Verify Push, as well as determine if there are any settings available in the Aviatrix configurations where a timeout duration can increased?
If you continue to run into issues, I would definitely suggest opening a case with Support so we can further assist with additional troubleshooting.
Aleks Bulajic Technical Support Engineer Okta Global Customer Care