Pfsense syncing user/directory with google g-suite for VPN and WIFI authentication

mephisto · Nov 4, 2019, 2:24 PM

I'm researching for a way to get pfsense to sync/use Google g-suite directory of users so there is no need to maintain manually a local user database on pfsense for VPNs and WIFI.

The idea is to allow users to use openvpn (open to other clients, but I'm leaning heavily towards openvpn) and type their own google g-suite credentials to authenticate. Pfsense would be syncing a list of users and password hashes or perhaps relaying those requests in real time to google.

For WIFI I believe a captive portal that also uses similar process as above would be ideal.

I'm researching about Freeradius connecting to google LDAP, please bear in mind my research is in the first stages so my findings may not be all relevant to this. So far the LDAP journey begins here https://support.google.com/a/answer/9048434 configuring a LDAP client, which I believe would be free radius, right? And then later on one of the steps is https://support.google.com/a/answer/9089736?hl=en . I'm still not sure how to manipulate this data from gsuite on freeradius, perhaps I just setup this sync and then next thing is all done on freeradius regarding VPN and WIFI?

Please let me know what you chaps think about this :)

free4 · Nov 4, 2019, 2:24 PM

@mephisto perhaps you should ask this question to the freeradius mailing list?

mephisto · Nov 4, 2019, 2:53 PM

it sort of overlaps with pfsense a fair bit as I want people to openvpn to pfsense and use freeradius, if that is the right approach as well. Is there any other way to get pfsense to connect to google ldap and manage user authentication?

BFI · Sep 23, 2020, 5:46 AM

@mephisto Did you eventually figure it out? I'm in the same situation. Appreciated any info you can share. thanks