Debian DuoProxy LDAP one prompt for session

Chayne · ‎07-25-2022

Good Afternoon

I am hoping you can help.
I have Juniper SSL VPN configured via my Duoproxy server to validate domain login for use with the VPN.

This all works well besides for one aspect

My VPN attempts to reconnect/re-auth between 6-7hrs into the session
and it fails
My assumption is that because it doesn’t get the username and password initial prompt Duo doesn’t allow the re-validation to occur which causes my VPN connections to drop.

I recall seeing somewhere ( i unfortunately cannot find the resource now so am turning to you) That there is a setting that can be used in the authproxy.cfg file that will tell duo to only prompt once per session,
I would like to test this setting with my VPN to see if it alleviates the connection drops.

Please and thank you for your assistance.

DuoKristina · ‎07-26-2022

Hi @Chayne,

There is no setting for authproxy.cfg like you describe. The Duo Authentication Proxy does not maintain any kind of session memory or session awareness for VPN devices that authenticate against it; it merely responds to authentication requests sent by the RADIUS or LDAP device whenever they are sent.

This sounds like something you would configure on your VPN device, to extend the length of a VPN client session, or to not try to reconnect automatically (allowing the opportunity to enter creds manually).

There is a remembered devices policy setting, but this only applies to interactive authentications through the Duo browser-based authentication prompt.

Duo, not DUO.