OpenVPN auth over Windows Radius issues

  • We have a pfSense box setup with a few outbound gateways, as well as IPsec working with auth over Radius. We've recently needed to have OpenVPN setup, and it works with no auth (SSL/TLS Keys), as well as auth to the local pfSense database, however when we try to use the Radius server it reports the incorrect IP (being a different outgoing route) to reply to.

    A little extra info is that we're not using the default route on the pfSense to bring the OpenVPN connections in. Also the Radius Server is a Windows Server 2008 R2 box.

    What I'm wondering is, do we need to have NAT'ing or routing setup for the OpenVPN connections as no routing is in place, or there shouldn't be, on the pfSense prior to the successful authentication and connection of the OpenVPN client?

  • We found that trying to use CHAP failed every time without fail. Had to enable PAP to get this working.