Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Windows 10 VPN Client / pfSense IPsec with EAP-RADIUS

    Scheduled Pinned Locked Moved IPsec
    2 Posts 2 Posters 1.4k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Z
      zachelks
      last edited by

      Hi,

      I'm trying to configure a Mobile IPsec VPN for use with Windows 10 Clients. Initially I followed the guide here: https://www.netgate.com/docs/pfsense/vpn/ipsec/configuring-an-ipsec-remote-access-mobile-vpn-using-ikev2-with-eap-mschapv2.html

      I was able to get the VPN working using a pre-shared key defined in the IPsec menu. I don't really like having to define pre-shared keys so I decided to try authenticating users against my AD Server using NPS (Windows Server 2016).

      I setup the authentication server in pfSense and I'm able to successfully authenticate using a Domain User Name and Password in the authentication diagnostics. I'm having trouble figuring out the right way to configure pfSense to work nicely with the built-in VPN client in Windows 10.

      At first I tried to continue using MS-CHAPv2, however I've now realized that this only works when using a pre-shared key. Based on what I've read it seems EAP-RADIUS would be the correct mode, unfortunately it appears that the Windows 10 VPN client does not support this mode.

      Any suggestions on other clients or ways to get the VPN to play nicely with the built-in Windows 10 client?

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        EAP-RADIUS is just EAP-MSCHAPv2 with RADIUS on the backend. If it doesn't work, the most likely problem is that our NPS config is not setup to allow EAP properly.

        See https://www.netgate.com/docs/pfsense/book/thirdparty/radius-authentication-with-windows-server.html#adding-a-network-policy for something to check against

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.