4. OpenVPN with FreeRadius 2FA

OpenVPN with FreeRadius 2FA

  • W

    I am trying to download the openvpn package from the client export tab but I can not find my Free radius user's .openvpn configuration files. Here is my setup:

    1. Pfsense 2.4.4
    2. OpenVPN client export Installed from the packet manager
    3. FreeRadius3 installed from the packet manager
    4. I have successfully created a user with OTP enabled from within the Freeradius server (verified from Diagnostics-->Authentication)
    5. *I created a openvpn server tied to the database of my freeradius server from the OpenVPN Wizard/OPenVPN Remote Access Server Setup
      The settings are:
      Backend for Authentication - NAS2fa (freeradius server)
      Local port - 1194
      ::Cryptograhic Settings::
      -->Peer Certificate Authority--> FreeRadius CA
      -->Server certificate --> VPN Cert
      ^^ This is where I think I am messing up? I am not sure what CA I should be using for the Peer Certificate Authority
      I think its clear that the Server Certificate should be set to VPN certificate.

    What else do I need to configure when I create a new user in the Radius server, I can have my vpn configuration files assigned to the new user? Thanks for your time and help.

    0
  • LAYER 8 Netgate

    The Peer Certificate Authority needs to be the Certificate Authority that creates and signs your peer certificates.

    1
  • W

    @w0lverine said in OpenVPN with FreeRadius 2FA:

    Peer Certificate Authority

    I have changed my OpenVPN server Peer certificate authority to Internal CA. But it still shows empty vpn client configuration profiles.OpenVPN_ Client Export Utility.png

    I feel like my mind is a little jumbled on how the new users of the radius server is authenticating from OpenVPN. This is how I view it:

    We create a user within FreeRadius-->The freeradius user is integrated within the openvpn server (Based on the backend authentication we selected in creating the openvpn server) --> VPN configuration profiles are created by the vpn server.

    But I feel like there is more going on between the freeradius user and openvpn because I can not seem to have the vpnserver create the free radius user's .openvpn configuration profiles. I think it might have something to do with the Certificates?

    0
  • LAYER 8 Netgate

    You are using authentication only - no user certs. There will be just one configuration for everyone in that case. There are no users for the firewall to export for other than "all"

    0
    W
     1 Reply
  • W

    @Derelict That was what I was missing.. Thanks for the help.

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy