OpenVPN with FreeRadius 2FA
I am trying to download the openvpn package from the client export tab but I can not find my Free radius user's .openvpn configuration files. Here is my setup:
- Pfsense 2.4.4
- OpenVPN client export Installed from the packet manager
- FreeRadius3 installed from the packet manager
- I have successfully created a user with OTP enabled from within the Freeradius server (verified from Diagnostics-->Authentication)
- *I created a openvpn server tied to the database of my freeradius server from the OpenVPN Wizard/OPenVPN Remote Access Server Setup
The settings are:
Backend for Authentication - NAS2fa (freeradius server)
Local port - 1194
-->Peer Certificate Authority--> FreeRadius CA
-->Server certificate --> VPN Cert
^^ This is where I think I am messing up? I am not sure what CA I should be using for the Peer Certificate Authority
I think its clear that the Server Certificate should be set to VPN certificate.
What else do I need to configure when I create a new user in the Radius server, I can have my vpn configuration files assigned to the new user? Thanks for your time and help.
The Peer Certificate Authority needs to be the Certificate Authority that creates and signs your peer certificates.
Peer Certificate Authority
I have changed my OpenVPN server Peer certificate authority to Internal CA. But it still shows empty vpn client configuration profiles.
I feel like my mind is a little jumbled on how the new users of the radius server is authenticating from OpenVPN. This is how I view it:
We create a user within FreeRadius-->The freeradius user is integrated within the openvpn server (Based on the backend authentication we selected in creating the openvpn server) --> VPN configuration profiles are created by the vpn server.
But I feel like there is more going on between the freeradius user and openvpn because I can not seem to have the vpnserver create the free radius user's .openvpn configuration profiles. I think it might have something to do with the Certificates?
You are using authentication only - no user certs. There will be just one configuration for everyone in that case. There are no users for the firewall to export for other than "all"
@Derelict That was what I was missing.. Thanks for the help.