Freeradius setup guide for pfsense 2.3???

  • Anyone who can provide a guide to setup freeradius on pfsense 2.3 in ENGLISH only please help!!!

  • LAYER 8 Global Moderator

    Set it up to do what? How is use of freeradius any different than in 2.2?

  • These are basic steps how I have setup freeradius in Pfsense 2.3

    1)  Install freeradius.

    1. To configure ->  Service tab –-> Freeradius

    2. Interface --> +

    Interface ip address  :  <lan-ip>port                          :  1812
                Interface type            : Authentication
                Ip version                : IPv4
                Description              : authentication

    Similarly  add interface for Accounting(Port 1813) and Status(Port 1816)

    1. NAS Clients --->  +

    Client Ip address        : 

    1. Users --->  +

    2. Settings Tick disable Acct-Unique

    There is a bug in freeradius ---- Doesn't start at reboot

    Fix --->

    make a copy of /usr/local/etc/rc.d/ and edit it.

    At rc.stop () add these lines

    rc_stop() {
            # Don't stop if service start is in progress
            # pfSctl -c 'service reload packages' call start and stop multiple times

    if [ ! -f "$LOCKFILE" -a -f "$PIDFILE" ]; then

    /usr/pbi/freeradius-amd64/local/etc/rc.d/radiusd onestop


    In addition to these if you want captive portal few points have to be taken care (Refer Pfsense documents)

    Also enable cron if accounting is enabled.

    I hope this would provide you with some basic help


  • LAYER 8 Global Moderator

    "There is a bug in freeradius –-- Doesn't start at reboot"

    I don't concur.. I have rebooted pfsense multiple times, and freerad starts.  But maybe its it my service watchdog package starting it??  But I don't think so.  Next time I have need to reboot my pfsense I will disable the service watchdog package from doing anything with freerad before the reboot and see if it starts.

    Ok just rebooted pfsense, I pulled freerad out of my service watchdog..  Did a reboot and see lit start up without issue

    Jul 23 10:38:07 	radiusd 	54539 	Ready to process requests.
    Jul 23 10:38:07 	radiusd 	48618 	Loaded virtual server <default></default> 

  • What to add in nas/cliet ip? lan address?

  • For Client/NAS ip

    If you are using captive portal along with freeradius use lan interface ip.

    If you are using any access point or switch which are using pfsense box as a radius server, you need to add their ips as Client.

    The secret phrase which is set here has to be provided in captive portal page or in access point or switch.

  • But i use dhcp to assign ips to people's smartphone .Radius will be used to authenticate with captive portal.

Log in to reply