OpenVPN+RADIUS setup+2FA

Installing FreeRADIUS3

Pfsense-Package Manager-FreeRADIUS3

Pfsense-Service-FreeRADIUS-Interfaces-Add
->Port: 1812, Interface Type: Authentication

Pfsense-Service-FreeRADIUS-Interfaces-Add
->Port: 1813, Interface Type: Accounting

Pfsense-Service-FreeRADIUS-Interfaces-NAS/Clients-Add
->Client IP Address : 127.0.0.1
->Client Shared Secret : something

User Management

pfsense-System-User Manager-Authentication Servers-Add
->Type:RADIUS
->Hostname or IP address: 127.0.0.1
->Shared Secret: something
->RADIUS NAS IP Attribute: choose network

pfsense-Service-FreeRADIUS-Users-Add
->Username, Password

Verification

pfsense-Diagnostics-Authentication
->Authentication Server: Radserver
->Username, Password

Pfsense-Diagnostics-Authentication-Test

Add users and assign to specific resources

Pfsense-VPN-OpenVPN-Wizards
->Type of Server: RADIUS
->Complete with default settings

Pfsense-Services-Users
->Edit/Add user to assign IP address (one of the tunnel network IP addresses)

pfSense-Firewall-Rule-OpenVPN
->Delete Rules
->Add Rules for each user

2FA(Optional)

Pfsense-System-User Manager-Authentication Servers
->Protocol: change from MS-CHAPv2 to PAP

Pfsense-Services-FreeRADIUS-Users
->Password: Leave empty
->Mobile-One-Time-Password : enable
->OTP Auth Method : Google-Authenticator (standard TOTP authentication)
->Generate OTP Secret
->PIN
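
What the 2FA settings above amount to at login time, as an added example (not from the original post and not the pfSense package's own code): a Python sketch of RFC 6238 TOTP and of the check a server can run on the cleartext password that PAP delivers. It assumes the login password is the PIN immediately followed by the 6-digit code; the function names, the PIN 1234 and the RFC 6238 test secret are constructed for illustration.

```python
import base64, hashlib, hmac, struct, time

# RFC 6238 test secret ("12345678901234567890" in base32), constructed sample
# standing in for the value produced by "Generate OTP Secret".
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
SAMPLE_PIN = "1234"  # constructed sample PIN


def totp(secret_b32, at=None, step=30, digits=6):
    """RFC 6238 TOTP with HMAC-SHA1, as used by Google Authenticator."""
    s = secret_b32.replace(" ", "").upper()
    key = base64.b32decode(s + "=" * (-len(s) % 8))
    t = time.time() if at is None else at
    counter = int(max(0, t) // step)
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def check_password(submitted, pin, secret_b32, at=None, window=1,
                   step=30, digits=6):
    """Check a cleartext "PIN + code" password (assumed format).

    The verifier needs the submitted string itself, which PAP delivers
    and an MS-CHAPv2 challenge response does not.
    """
    now = time.time() if at is None else at
    pin_part, code_part = submitted[:-digits], submitted[-digits:]
    pin_ok = hmac.compare_digest(pin_part.encode(), pin.encode())
    code_ok = False
    # Accept adjacent time steps to tolerate clock drift on the phone.
    for drift in range(-window, window + 1):
        expected = totp(secret_b32, now + drift * step, step, digits)
        code_ok |= hmac.compare_digest(code_part.encode(), expected.encode())
    return pin_ok and code_ok


if __name__ == "__main__":
    code = totp(SAMPLE_SECRET)
    print("current code:", code)
    print("login password:", SAMPLE_PIN + code)
    print("accepted:", check_password(SAMPLE_PIN + code, SAMPLE_PIN, SAMPLE_SECRET))
```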
