Azure MFA and OpenVPN
-
Hello! I've implemented a Windows NPS RADIUS server to authenticate with our pfsense. This works fine as long as I do not implement MFA with Azure which is what we want to do. I've gotten it to the point where I do a test auth in the pfsense console and I get a code on my phone but no place to enter the code. Because of this authentication immediately fails. Turning off MFA for the user makes it work again. Anyone have any ideas why the MFA window isn't popping up when testing or connecting through OpenVPN? Also, I've tried with the Authenticator app and that just doesn't work at all.
I'm using this guide:
https://forum.netgate.com/topic/81540/azure-multi-factor-authentication-server-with-openvpn-brief-how-to
-
The MFA extension for NPS only supports phone call and MS authenticator push notifications, since, as you've noticed, there's no way to enter anything. Hope this helps.
-
@dajones13 Thank you for your response. I ended up figuring out about the push notification. However, I did not know about the phone call option which is great to know. I also had the encryption set to PAP instead of MSCHAP which I don't think was the issue but I changed it prior to the VPN working so it could have been a factor. Thanks a lot!