RADIUS Authentication over IPsec Tunnel
Below is my current network configuration.
I have RADIUS authentication working from the pfSense to the PDC. The authentication test works in the pfSense config; however, when I attempt to authenticate from a mobile client, I receive an error: "IKE authentication credentials are unacceptable."
I've run some packet captures and I see the RADIUS packets going back and forth from the PDC; however, I do not see them when I attempt to authenticate from the mobile client.
Does anyone have any input on what might need to be changed?
Also, here is my configuration for the tunnel.
Phase 1
- IKEv2, IPv4, WAN Interface
- Auth. Method: EAP-MSCHAPv2 (also tried EAP-RADIUS)
- My Identifier: FQDN
- Peer Identifier: Any
- Encryption Algorithm: AES128, SHA256, DH14
Phase 2
- Protocol: ESP
- Encryption Algorithm: AES128, AES128-GCM 128
- Hash Algorithm: SHA1, SHA256
- PFS Key Group 14