Differentiating between OpenVPN servers with RADIUS auth
-
Hello,
We have two OpenVPN servers that we'd like to authenticate via RADIUS instead of local. The issue is that different users are assigned to different VPNs, and I'm having trouble routing these on the NPS.
Based on #3686, this should be possible using "ovpns1" and "ovpns2", etc., but it seems pfSense is only sending "openvpn" as the NAS-Identifier regardless of which VPN initiated the request.
Utilizing Windows Server for NPS.
Any help would be appreciated.
Thank you.
-
@frozenmsp said in Differentiating between OpenVPN servers with RADIUS auth:
is only sending "openvpn" as the NAS-Identifier regardless of which VPN initiated the request.
You see "openvpn" or "openVPN"?
Like this?
-
@Gertjan I'm not sure; I was just testing with "openvpn" and it was accepting that - perhaps it's not case sensitive with Windows NPS?
-
I mean, any pfSense OpenVPN server instance will use /etc/inc/openvpn.auth-user.php if that server is set up to use (maybe) name+password and RADIUS.
In that case the "nas_identifier" is set to "openVPN", and not what #3686 tells me:
- ovpns1
- ovpns2 ...
Strange: I can't find the implementation of #3686. Was it just 'closed' and not implemented?
I do use the OpenVPN server myself, but not the RADIUS part, nor user/password, just TLS (certs).
-
@Gertjan My assumption is #3686 was not implemented as outlined, and that functionality was implemented as "nas-port" - which unfortunately isn't recognized by Windows Server NPS as far as I can see.
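
To check what actually arrives on the wire, the following is an added example (not part of the thread and not pfSense code): a parser for RADIUS Access-Request attributes as laid out in RFC 2865 that pulls out NAS-Identifier (type 32) and NAS-Port (type 5). The helper `build_sample` and every value in the sample packets (user name, identifier string, port numbers) are constructed for illustration.

```python
import struct

# RADIUS attribute types from RFC 2865
USER_NAME, NAS_PORT, NAS_IDENTIFIER = 1, 5, 32
ACCESS_REQUEST = 1


def parse_access_request(packet: bytes) -> dict:
    """Return the routing-relevant attributes of a RADIUS Access-Request."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_REQUEST:
        raise ValueError(f"not an Access-Request (code {code})")
    if length < 20 or length > len(packet):
        raise ValueError("header length field does not match the packet")
    found = {}
    pos = 20  # skip code, identifier, length and 16-byte authenticator
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > length:
            raise ValueError("attribute length out of bounds")
        value = packet[pos + 2:pos + attr_len]
        if attr_type == USER_NAME:
            found["User-Name"] = value.decode("utf-8", "replace")
        elif attr_type == NAS_IDENTIFIER:
            found["NAS-Identifier"] = value.decode("utf-8", "replace")
        elif attr_type == NAS_PORT and len(value) == 4:
            found["NAS-Port"] = struct.unpack("!I", value)[0]
        pos += attr_len
    return found


def build_sample(user: str, nas_id: str, nas_port: int) -> bytes:
    """Constructed test packet: zeroed authenticator, no password attribute."""
    attrs = b""
    for t, v in ((USER_NAME, user.encode()), (NAS_IDENTIFIER, nas_id.encode()),
                 (NAS_PORT, struct.pack("!I", nas_port))):
        attrs += bytes([t, len(v) + 2]) + v
    return struct.pack("!BBH", ACCESS_REQUEST, 1, 20 + len(attrs)) + bytes(16) + attrs


if __name__ == "__main__":
    # Constructed values: same NAS-Identifier, different NAS-Port
    for port in (1194, 1195):
        print(parse_access_request(build_sample("alice", "openVPN", port)))
```

Feeding it the UDP payload of a request captured on the NPS host shows whether either attribute differs between the two VPN servers.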