Pppoe and radius

  • I've tried installing a radius server (WinRadius 2009) to use to authenticate PPPoE users (since the local database update ills all connnections). However WinRadius is moaning saying the password/secret is incorrect.

    Does pfsense send this encrypted or something instead?

    I've also noticed the PPPoE server has reverted to plain text PAP for authentication, will there still be an MSCHAP option?

  • I'm guessing no to MSCHAP? It only seems to want to use PAP in 2.0 RC2.

    Meaning anyone with a packet sniffer can see others log-on credentials over wi-fi right?

    I've tried the PPPoE server again but I still have pages that die and won't load. For example, www.metservice.co.nz. The page refuses to finish loading.

    Does pfsense not automatically fragment packets from a 1500 ethernet to the 1492 PPPoE client? I tried changing my MTU to 1480 on my routers upstream but it still won't pass www.metservice.co.nz correctly to an end client.

  • Found my problem, even with ICMP enabled I decided to replace another upstream router with a different brand and problem solved. My entire network is now 1480 to be compatible with XP dialers.

    I'd still like to know though, will MS-CHAP authentication be supported again like it was before 2.0?

    Is there any possibility to enable MPPE on the PPPoE Server in pfsense or in the future? So Wi-Fi access can offer some level of security to each end user on an individual basis? ie: even with WPA on the Wi-Fi side, a clietn can still packet sniff PPPoE traffic of others if they have the network key and are associated.

  • MS-CHAP has never been supported, maybe at some point in the future post-2.0.

Log in to reply