OpenVPN + NPS RADIUS (Windows) with SMS/Phone App Code

  • Hi,

    I have a working VPN which works fine for phone call and push notifications, if my MFA default is set to either of these. The client I'm using is Viscosity, but I have also tested with the OpenVPN client.

    Overview of the setup

    1. User enters username + password
    2. pfSense with OpenVPN (configured for PAP - RADIUS)
    3. RADIUS server (Windows NPS with Azure MFA Extension configured)
    4. Push or call is sent to the user's device; accept and the VPN is connected.

    I would also like to add support for the phone app code / SMS / (hardware token at some point), but am having issues trying to make this work.

    1. User enters username + password
    2. SMS is sent to the user's phone
    3. How do I get the VPN client to display a prompt asking for the access challenge code?
    4. I can see from the pfSense packet capture that an Access-Challenge with a reply attribute is being sent from the RADIUS server to OpenVPN. But no additional dialogue is sent to the user's client to enter this information.

    P.S. I have read something about the dynamic challenge protocol, but am honestly not sure how to make this work.
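
The dynamic challenge protocol mentioned in the post, as an added example that is not part of the original post or of pfSense/OpenVPN code: OpenVPN's documented `CRV1` format carries a challenge to the client inside the auth-failure reason text, and the client returns the code in the password field on reconnect. The function names and sample values are constructed for illustration, and encoding the RADIUS State attribute as base64 for the state ID is an assumption of this sketch.

```python
import base64

def challenge_to_crv1(username, radius_state, reply_message, echo=False):
    """Map a RADIUS Access-Challenge (State, Reply-Message) to the CRV1
    reason text: CRV1:<flags>:<state_id>:<username_b64>:<challenge_text>."""
    flags = "R,E" if echo else "R"      # R = response required, E = echo input
    state_id = base64.b64encode(radius_state).decode("ascii")  # opaque, no ':'
    user_b64 = base64.b64encode(username.encode("utf-8")).decode("ascii")
    return f"CRV1:{flags}:{state_id}:{user_b64}:{reply_message}"

def parse_crv1(reason):
    """Client side: split the reason text; the prompt itself may contain ':'."""
    parts = reason.split(":", 4)
    if len(parts) != 5 or parts[0] != "CRV1":
        raise ValueError("not a CRV1 dynamic challenge")
    _, flags, state_id, user_b64, text = parts
    return {
        "flags": {f for f in flags.split(",") if f},
        "state_id": state_id,
        "username": base64.b64decode(user_b64, validate=True).decode("utf-8"),
        "text": text,
    }

def client_response(state_id, code):
    """Password the client sends on reconnect: CRV1::<state_id>::<response>."""
    return f"CRV1::{state_id}::{code}"

def response_to_radius(password):
    """Server side: recover (State bytes, code) for the follow-up
    Access-Request, or None when this is an ordinary first-factor password."""
    if not password.startswith("CRV1::"):
        return None
    parts = password.split("::", 2)
    if len(parts) != 3 or not parts[1]:
        raise ValueError("malformed CRV1 response")
    return base64.b64decode(parts[1], validate=True), parts[2]

if __name__ == "__main__":
    state = bytes.fromhex("0a1b2c3d")   # constructed State attribute value
    reason = challenge_to_crv1("alice", state, "Enter code: 6 digits")
    print(reason)
    prompt = parse_crv1(reason)
    print(response_to_radius(client_response(prompt["state_id"], "123456")))
```

The State value has to be echoed unchanged in the second Access-Request so the RADIUS server can tie the code to the pending challenge.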


