4. OpenVPN - Radius Question

OpenVPN - Radius Question

  • C

    Hello,
    I am setting up an OpenVPN server and im going to use Radius.

    I am following this guide: https://doc.pfsense.org/index.php/OpenVPN_with_RADIUS_via_Active_Directory

    In the attached screen shot is a section of the above guide.
    My question is those methods of Authentication "MSCHAP-V2, MSCHAP". Aren't these protocols already been broken and hacked ?

    So I am setting up a secure OpenVPN server but when the client sends the creds through the tunnel it will be using these above protocols to authenticate ?
    Do I not need to worry about this since the OpenVPN tunnel is using an AES-256 encryption algorithm ?

    Or do I have the wrong thinking ?
    Thank You
    ![pfsense Picture.jpg](/public/imported_attachments/1/pfsense Picture.jpg)
    ![pfsense Picture.jpg_thumb](/public/imported_attachments/1/pfsense Picture.jpg_thumb)

    0
  • C

    Hate to do it.

    Bump…

    0
  • Rebel Alliance Developer Netgate

    In this case your worry is not with OpenVPN itself, that would still encrypt the authentication, but with the traffic between pfSense and the RADIUS server since RADIUS is sent in the clear. If that leg is secure you shouldn't have much to worry about.

    The way MSCHAPv2 is used by PPTP and WAP2-Enterprise makes it easy to compromise those protocols, but OpenVPN is a much different animal.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy