How to setup FreeRadius with OpenVPN on pfsense
Part2 How to user 2FA for users with the above mentioned setup.
How to setup FreeRadius with OpenVPN on pfsense
Part2 How to user 2FA for users with the above mentioned setup.
I figured I’d add my comment from YouTube here to hopefully help someone be more secure even though TOTP is pretty secure a TLS certificate is pretty important for every user. I know Tom even said that he was just rushing through as an example but I am sure it is implied that we all know how to do this. For me I will admit I was rushing through this but it’s always a good idea to look at the logs! In my instance I found this notice in my OpenVPN logs “WARNING: POTENTIALLY DANGEROUS OPTION”. Since I was configuring a new VPN from scratch I forgot to go in and switch the server mode to Remote Access (SSL/TSL + User Auth). Anyway this is how one would add a certificate to users in FreeRadius after following these two videos in a row.
That should do it for the FreeRadius part. Please let me know if I should have made other changes. Thanks!
Also just so anyone who is interested in this knows, I have been using this custom option in my OpenVPN options to get local users to have static IP addresses and it has served it’s purpose until I watched this but I am just now getting around to implementing it. This is just for local authentication
Thanks again Tom for all your time you put into this stuff!
Edit: corrected a couple typos.
@LTS_Tom Thank you for your video you made it quite easy even for a beginner like me to implement a RA Server with FreeRADIUS authentication.
@tbigs2011 Thank you for adding your walkthrough. I managed to make the VPN server more secure by adding a user certificate using the Common Name tag and binding it to the FreeRADIUS user. Created two users with different firewall rules and pinged my way to happiness!!
Kind regards,
Pete