FreeRADIUS OVPN GAUTH



  • This is a question or perhaps it's a feature request. I have pfSense/FreeRADIUS/Google Authenticator/OVPN working very well. I have several different pfSense firewalls configured this way, and they all appear as "FreeRADIUS" in the google authenticator app. This is inconvenient and confusing. I'd like the QR generator to present a more useful name.

    According to this website https://www.edwardthomson.com/blog/changing_titles_in_google_authenticator.html the QR code is generated from a otpauth URL: otpauth://totp/account_name?secret=secret_key&issuer=Website_Title

    That Issuer is seemingly hardcoded in pfSense to be "FreeRADIUS"

    There is no way to change thise in the GUI. I've looked through the CA, certificates, radius configuration files and all the OVPN settings, but I can't figure out how that name is specified. Perhaps in the PHP code?

    If there is a file that can be edited, I'm willing to do that, but perhaps this is a detail that can be specified in the FreeRADIUS advanced fields or exposed as a field in future versions of pfSense.

    Thanks.



  • @sublunar said in FreeRADIUS OVPN GAUTH:

    That Issuer is seemingly hardcoded in pfSense to be "FreeRADIUS"

    That's vital info, and all you need to answer your question.
    If you need to know where x is defined, just look for it ^^

    Looking for some characters, or even some random string is world's most oldest "computer question".
    The answer was : grep

    'something' tells me you should start looking in /usr
    So :

    cd /usr
    grep -R "FreeRADIUS" *
    

    This will show several hundreds of results.

    This one is interesting :

    local/pkg/freeradius.xml:                         var provider = encodeURIComponent("FreeRADIUS");
    

    Looking at the file /usr/local/pkg/freeradius.xml - search for 'provider' and you fall right into OAUTH code.

    Up to you to experiment now ;)



  • @Gertjan Thank you. /usr/local/pkg/freeradius.xml is indeed the file that contains the string. I've changed the variable and now I get a meaningful title when the app reads the QR code. The change doesn't require recreating the user or restarting.



  • Great !

    Keep in mind that when the FreeRadius package upgrades, you have to re edit this file.


Log in to reply