Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    MFA via external RADIUS

    Scheduled Pinned Locked Moved OpenVPN
    1 Posts 1 Posters 130 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G
      gallenat0r
      last edited by

      I've setup OpenVPN to work with external RADIUS server.
      Product is IDaaS from Entrust where there is a gateway that synchronize AD users to the service. The gateway also acts as RADIUS server for OpenVPN.
      In IDaaS I can select whether the user has a soft token or just uses SMS as MFA.
      Connecting using soft token works fine, but with SMS it fails immediately and after a second or two the SMS arrives.
      Looking with tcpdump/WireShark I see that upon entering credentials an Access-Request package is sent from pfSense to the RADIUS server and an Access-Challenge is returned.
      From the authentication log I get this:

      /openvpn.auth-user.php: Error during RADIUS authentication :

      The expected behaviour should be that I was prompted to enter the SMS token in the OpenVPN client, or not?

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.