OpenVPN with External Radius Authentication Fail-over Order



  • Hello,
    I have a PFSense with the OpenVPN package we use to terminate users' vpn tunnels.
    Currently I have an external Radius server providing authentication working fine.

    Issue:
    Within the OpenVPN server configuration, there is an option to pick what to use as the user authentication. Currently I have both (local & Radius) selected.
    This creates an issue as the VPN account can now login via local and Radius.

    Question:
    Is there option or can I force an authentication fail-over sequence so;
    PFSense will only use local auth when the Radius is unavilable?
    Like most network gear. If it can reach (gets a response from Radius) that is it. you cannot login via local credentials.

    Thanks
    B


Log in to reply