Mobile IPSec VPN using RADIUS and Windows NPS service

mobydick426

Hello everybody,

I need to create a mobile VPN for remote users.

We likes using pfSense as VPN gateway and NPS service for authentication and VPN policy.

I've tried many todo like :

https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/ikev2-with-eap-radius.html
https://michaelfirsov.wordpress.com/testing-pfsense-ipsecv2-vpn-with-windows-authentication-part-1/

On pfSense, Diagnostic, Authentication, RADIUS test is ok (RADIUS server is NPS service).

On Windows 10, username / password are not recognized. NPS didn't log anything on eventlog and Windows 10 logs an error 691.

We use MSChapv2 with encryption (configured on NPS and on Windows 10).

The root certificate used to create a certificate for pfSense has been imported on Windows 10.

I'm testing some suggestions since some days and I can't understand the error.

Have you encountered this error or have you some idea for me ?

Many thanks !

garywaynesmith

@mobydick426 said in Mobile IPSec VPN using RADIUS and Windows NPS service:

/ password are not recognized. NPS didn't log anything on eventlog and Windows 10 logs an error 691

Did you ever find a resolution to this. I am seeing the same issue. Radius users test out fine in diagnostics but I can't get any users to authenticate.

If I used mschapv2 with the user/preshared key, everything is good (so I know ikev2 is working as expected).

when I flip mobile client and phase 1 to radius then nothing works.