Pritunl 1.26 Release Announcement
Version 1.26 of Pritunl has been released. This release adds support for Duo passcodes and hardware authentication tokens. A seven day push authentication cache has also been added to the settings to allow Pritunl clients to cache push authentications using a token stored on the client.
The Pritunl settings now includes an additional option to choose between four Duo modes (Push, Phone Callback, Push + Phone Callback, Passcode). The push mode will send a push authentication to the users mobile device. The phone callback mode will call the user to approve the authentication request. The push and phone callback mode will use a phone callback if the user does not have a mobile device with the Duo app. The passcode mode will ask the user for a six digit passcode. This passcode can come from the Duo app or a hardware token.
Duo Hardware Token
With the addition of Duo passcode support hardware tokens can be used to authenticate users. The hardware tokens can be purchased from Duo. Users will be required to enter a code from the token when downloading VPN profiles and before each VPN connection. If all users do not require a hardware token the Duo app can also be used to supply a passcode for users without a hardware token.
Push Authentication Cache
By default the Pritunl server will only cache push authentications for clients connecting from the same computer and remote IP address. This cache last eight hours after the authentication, the timeout is reset on each reconnect. This release adds an additional cache that uses a token generated by the Pritunl desktop client to cache each push authentication for seven days. Reconnecting will not reset the timeout for this cache, after seven days the user will be required to re-authenticate.