Netgate Discussion Forum

    OpenVPN + Captive Portal 2FA

    • VioletDragon

      Hi folks,

      So I have a Yubikey which I use for 2FA for websites as well as logging into SSH and my laptop. However, I want to implement 2FA for OpenVPN and a second layer for the Guest Network, which runs on Captive Portal. I am trying to find a solution which allows me to do this. From searching online, some use Radius and others use LDAP. I have configured NPS on Server 2022. Which would be better for this use case?

      Please let me know, I am open to suggestions.

      Regards

      • Gertjan @VioletDragon

        @VioletDragon said in OpenVPN + Captive Portal 2FA:

        however I want to implement 2FA for OpenVPN and a second Layer to the Guest Network which runs on Captive Portal

        First, you have to imagine this situation:
        Create an OpenVPN connection to ... to where? Some VPN outside, right?
        For this to happen, the firewall has to allow outgoing connections.
        But you can't: the portal is blocking everything.

        First: you have to log in to the portal. This can be done using radius, and radius opens up all kinds of possibilities.

        Then, as is done a lot, you activate your VPN over the now open connection to the internet.

        The other way around isn't possible: you can't have the VPN open and working and then log in to the portal.

        @VioletDragon said in OpenVPN + Captive Portal 2FA:

        I am trying to find a solution

        What is the problem ?

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        • VioletDragon @Gertjan

          @Gertjan Hi. I managed to implement 2FA with OpenVPN and my Yubikey, which works great. Used FreeRadius, however NPS is limited to only OTP so I didn’t go with that option.

          Captive Portal is used for Guest, which is currently configured with a username and password to log in. I wanted to implement 2FA with this, which I haven’t managed yet.

          Regards

          • Gertjan @VioletDragon

            @VioletDragon

            This FreeRadius on pfSense software for Two Factor Authentication ?
            If FreeRadius is used for authentication, identification and accounting, I guess the portal works with 2FA.
            The portal uses radius, and radius uses 2FA.

            • Gertjan @VioletDragon

              @VioletDragon

              This FreeRadius on pfSense software for Two Factor Authentication ?
              If FreeRadius is used for authentication, I guess the portal works with 2FA. The portal uses radius, and radius uses 2FA.

              • VioletDragon @Gertjan

                @Gertjan FreeRADIUS is running on a VM on one of my Nodes, not using FreeRadius on pfSense.

                Regards

                • Gertjan @VioletDragon

                  @VioletDragon

                  Same thing. On pfSense, or elsewhere, that's all good.

                  Remember: processes communicate with 127.0.0.1 = local, to some locally running process, or for example to 192.168.1.10, some device on pfSense LAN, with the same process on that device.

                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.