Help with Radius Authentication
-
I was wondering if it is possible to have my Radius server on my 'wan' interface? I have a Windows server with Radius/NPS, but when I added an allow-all rule to the firewall and tried to completely open it, I still could not ping the server (192.168.2.254). Any ideas on how to set up the firewall to allow communication to the server for Radius?
Lan ip= 192.168.1.1
Wan ip= dhcp
Main network is a /24 with the network address of 192.168.2.0
Gateway to internet is 192.168.2.1
pfsense is running on a headless virtualbox on the server located at 192.168.2.254.
Thanks for any help.
-
Are you doing NAT on the pfsense WAN interface? Then you need to add a port forward on pfsense - only opening the firewall on WAN will not help.
Further, when your pfsense WAN interface is doing NAT, this will be the IP address the RADIUS server will see as the client's/NAS IP address.
-
Thanks for the reply, sorry I am new to pfsense.
I configured the Radius server and added the Firewall NAT port forward, which in turn created a firewall rule. The NAT rule is for: WAN UDP src=* src ports=*, dest address is WAN address with port 1812 (radius) and NAT IP 192.168.2.254, NAT ports 1812 (radius),
but I get Authentication Failure when I run the test.
Any ideas?
-
Could you please explain in more detail which server is on which subnet/IP
and from where to where you want to connect.
Where is the NAS ? (IP, subnet)
Where is the RADIUS Server ? (IP, subnet)
Do you use Windows as RADIUS server or do you use the pfsense package "freeradius2"?
-
Main Server(2008r2 enterprise w/ Radius via NPS) -192.168.2.254 on subnet 192.168.2.0/24
Virtualbox PfSense(located on Main Server) LAN 192.168.1.1 and WAN dhcp(reserved at 192.168.2.109)
Gateway is 192.168.2.1 on /24 subnet
The radius is on the Main Server supplied by RRAS Radius. Clients are set up with friendly names that point to each device and access is supplied via an unencrypted channel.
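
Added example, not part of the thread: a Python sketch of how a RADIUS server picks the shared secret by the packet's source address and then unhides the PAP User-Password (RFC 2865), using the pfSense WAN (192.168.2.109) and LAN (192.168.1.1) addresses posted above. The shared secret, user name and password are constructed, PAP is assumed from the "unencrypted" setting, and `server_check` is a hypothetical stand-in for the server's client lookup, not NPS code.

```python
import hashlib
import os

WAN_IP = "192.168.2.109"  # pfSense WAN address from the thread
LAN_IP = "192.168.1.1"    # pfSense LAN address from the thread
SECRET = b"constructed-shared-secret"        # constructed sample value
USERS = {"alice": b"constructed-password"}   # constructed sample account

def _mask(secret, prev):
    return hashlib.md5(secret + prev).digest()

def hide_password(password, secret, authenticator):
    """RFC 2865 5.2: XOR 16-byte blocks with MD5(secret + previous block)."""
    size = max(1, -(-len(password) // 16)) * 16
    padded = password.ljust(size, b"\x00")
    out, prev = b"", authenticator
    for i in range(0, size, 16):
        prev = bytes(p ^ m for p, m in zip(padded[i:i + 16], _mask(secret, prev)))
        out += prev
    return out

def reveal_password(hidden, secret, authenticator):
    """Inverse of hide_password; a wrong secret yields garbage, not an error."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += bytes(c ^ m for c, m in zip(block, _mask(secret, prev)))
        prev = block
    return out.rstrip(b"\x00")

def server_check(source_ip, user, hidden, authenticator, clients):
    """Hypothetical stand-in for the server: secret is looked up by source IP."""
    secret = clients.get(source_ip)
    if secret is None:
        return "discarded: unknown client " + source_ip
    if USERS.get(user) == reveal_password(hidden, secret, authenticator):
        return "Access-Accept"
    return "Access-Reject"

def run_test(clients, nas_secret=SECRET):
    """pfSense sends from its WAN address, as described in the reply above."""
    authenticator = os.urandom(16)
    hidden = hide_password(USERS["alice"], nas_secret, authenticator)
    return server_check(WAN_IP, "alice", hidden, authenticator, clients)

if __name__ == "__main__":
    print(run_test({LAN_IP: SECRET}))            # client registered by LAN IP
    print(run_test({WAN_IP: SECRET}))            # client registered by WAN IP
    print(run_test({WAN_IP: SECRET}, b"typo"))   # secrets differ
```

A client entry keyed on the LAN address never matches, and a mismatched secret decodes the password to garbage, which the server reports as a plain authentication failure.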