Netgate Discussion Forum

    VPN IPSec/IKEV2 + Active Directory Auth + 2fA

    • geovaneg
      last edited by geovaneg

      Hi guys,

      We were able to make two-factor authentication work with IPSec/IKEV2 VPN on PfSense via the Azure NPS extension sending the notification to the Microsoft Authenticator on the users' smartphones: https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-nps-extension

      Basic scheme:

      Client -> PfSense VPN IPSec/IKEV2 -> MS Radius NPS -> AD -> 2fA Azure NPS extension -> MS Authenticator (user cell phone)

      The few changes in PfSense basically refer to increasing the timeout in the "Mobile Clients" settings. Everything else is configured in Radius NPS and the Azure console.

      Unfortunately, the organization found the licensing costs of Azure MFA too high for hundreds of mobile users.

      So I would like to know if anyone has integrated MFA into their authentication infrastructure in a similar way, with low impact, but more affordable cloud 2FA service licensing costs.

      Thank you.

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.