    OpenVPN +NPS Radius (windows) with SMS/Phone App Code

      pat1 last edited by

      Hi,

      I have a working VPN which works fine for phone call and push notifications, if my MFA default is set to either of these. The client I'm using is Viscosity, but I have also tested with the OpenVPN client.

      Overview of the setup

      1. User enters username + password
      2. pfSense with OpenVPN (configured for PAP - RADIUS)
      3. RADIUS server (Windows NPS with Azure MFA Extension configured)
      4. Push or call is sent to the user's device, the user accepts, and the VPN is connected.

      I would also like to add use for the phone App code / SMS / (Hardware Token at some point), but am having issues in trying to make this work.

      1. User enters username + password
      2. SMS is sent to the user's phone
      3. How do I get the VPN client to display a prompt asking for the access challenge code?
      4. I can see from the pfSense packet capture that an Access-Challenge with a reply attribute is being sent from the RADIUS server to OpenVPN. But no additional dialogue is sent to the user's client to enter this information.

      P.S. I have read something about the dynamic challenge protocol, but am not sure how to honestly make this work.

      Thanks
      Pat

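Added example, not part of the original post and not pfSense or NPS extension code: the wire format of OpenVPN's dynamic challenge/response protocol (the `CRV1` string described in OpenVPN's management-notes) that the P.S. refers to, showing how a RADIUS Access-Challenge's State and Reply-Message could be carried to the client and back. The function names and the hex encoding of State are assumptions made for illustration; whether a given authentication backend emits this string is not established by this thread.

```python
import base64

def challenge_from_radius(username, state, reply_message, echo=True):
    """Server side: wrap an Access-Challenge in the AUTH_FAILED reason string.
    RADIUS State is opaque bytes; hex keeps ':' out of the state_id field
    (hex encoding is an assumption of this example)."""
    flags = "R,E" if echo else "R"          # R = response required, E = echo input
    user_b64 = base64.b64encode(username.encode()).decode()
    return f"CRV1:{flags}:{state.hex()}:{user_b64}:{reply_message}"

def parse_challenge(reason):
    """Client side: split into at most 5 fields, since the challenge text
    (last field) may itself contain ':'."""
    parts = reason.split(":", 4)
    if len(parts) != 5 or parts[0] != "CRV1":
        raise ValueError("not a CRV1 dynamic challenge")
    _, flags, state_id, user_b64, text = parts
    flag_set = set(flags.split(",")) if flags else set()
    return {
        "response_required": "R" in flag_set,
        "echo": "E" in flag_set,
        "state_id": state_id,
        "username": base64.b64decode(user_b64).decode(),
        "text": text,                        # what the client should prompt with
    }

def client_password(state_id, code):
    """Client side: the second-round password field carrying the user's code."""
    return f"CRV1::{state_id}::{code}"

def radius_from_password(password):
    """Server side: recover (State bytes, code) for the follow-up Access-Request,
    or None when this is an ordinary first-round password."""
    parts = password.split(":", 4)
    if len(parts) != 5 or parts[0] != "CRV1" or parts[1] or parts[3]:
        return None
    try:
        return bytes.fromhex(parts[2]), parts[4]
    except ValueError:
        return None                          # state_id was not produced by us

if __name__ == "__main__":
    # Constructed sample values, not taken from a real capture.
    reason = challenge_from_radius("pat", b"\x01\xab", "Enter code: 6 digits")
    print(reason)
    prompt = parse_challenge(reason)
    print(prompt["text"], "->", client_password(prompt["state_id"], "123456"))
```

If the client never receives a reason string in this form, it has nothing to prompt with, which matches the behaviour described in step 4 above.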
        Danilo Ribeiro last edited by

        Hi Pat,

        Did you find any solution for SMS authentication?

        I implemented the same environment as you, but I could only authenticate with Microsoft app approval.

          pat1 last edited by

          Hi Danilo

          Unfortunately I could not get this to work. I do recall that after having some conversations with MS, there was a known issue with the NPS Azure extension working with SMS in this scenario.

          I decided that phone calls and push notifications were fine for my use case, and we enforced all users to set their default MFA to Phone Call or Microsoft Push Notifications.

          We have not had issues since I enforced this as a requirement, so have not needed to investigate this further.

          Thanks
          Pat

            Danilo Ribeiro last edited by

            Hi Pat,

            I have a question,

            I created my environment and I'm doing the homologation, but OpenVPN keeps reconnecting and requests MFA authentication every time.

            Do you know how I can disable this reconnection, or make it reconnect only after a long time?

            Tks
