Change radius Protocol from PAP to MS-CHAPv2

markdudov · May 28, 2024, 8:07 PM

Hello guys,

I followed this guide to enable pfSense 2FA at login.

https://www.comparitech.com/blog/vpn-privacy/pfsense-two-factor-authentication/

But there is something I don't like. As you can see PAP is used as Radius Protocol and not MS-CHAPv2

I tried changing it to MS-CHAPv2, but as soon as I change the protocol and go to the diagnostics -> authentication section to check if everything is ok, the authentication no longer works. If I change it back to PAP then authentication succeeds and if I change it back to CHAPv2 then authentication fails.

What needs to be changed throughout the configuration so that once the Radius Protocol MS-CHAPv2 is selected, it will authenticate successfully.

I would be very grateful if someone could look at the configuration from the link at the beginning and tell me what the problem might be and how I could solve it.

Thanks for your time. I appreciate it!

stephenw10 · May 28, 2024, 1:26 PM

Why are you trying to change it? That traffic is only between internal services on localhos,t it never leaves the firewall.

keyser · May 28, 2024, 8:07 PM

@markdudov I dont think freeradius on pfSense supports Chapv2 unless its EAP encapsulated.