Netgate Discussion Forum

    OpenVPN - Radius Question

    • centuryx476

      Hello,
      I am setting up an OpenVPN server and I'm going to use Radius.

      I am following this guide: https://doc.pfsense.org/index.php/OpenVPN_with_RADIUS_via_Active_Directory

      In the attached screenshot is a section of the above guide.
      My question is about those methods of authentication, "MSCHAP-V2, MSCHAP". Haven't these protocols already been broken and hacked?

      So I am setting up a secure OpenVPN server, but when the client sends the creds through the tunnel it will be using these above protocols to authenticate?
      Do I not need to worry about this since the OpenVPN tunnel is using an AES-256 encryption algorithm?

      Or do I have the wrong thinking?
      Thank You
      ![pfsense Picture.jpg](/public/imported_attachments/1/pfsense Picture.jpg)
      • centuryx476

        Hate to do it.

        Bump…

        • jimp Rebel Alliance Developer Netgate

          In this case your worry is not with OpenVPN itself, that would still encrypt the authentication, but with the traffic between pfSense and the RADIUS server since RADIUS is sent in the clear. If that leg is secure you shouldn't have much to worry about.

          The way MSCHAPv2 is used by PPTP and WPA2-Enterprise makes it easy to compromise those protocols, but OpenVPN is a much different animal.

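As an added illustration of the reply above (not code from the thread or from pfSense): a parser run over a constructed RADIUS Access-Request shows which fields are readable on the pfSense-to-RADIUS leg, without the shared secret, when MS-CHAPv2 is carried in RADIUS. Attribute numbers follow RFC 2865 and RFC 2548; the username, address and byte values are made up.

```python
import struct

MS_VENDOR_ID = 311  # Microsoft vendor-specific attributes, RFC 2548
ATTR_NAMES = {1: "User-Name", 2: "User-Password", 4: "NAS-IP-Address"}
MS_NAMES = {11: "MS-CHAP-Challenge", 25: "MS-CHAP2-Response"}

def attr(attr_type, value):
    # RFC 2865 attribute: type (1 byte), length (1 byte, includes header), value
    return bytes([attr_type, len(value) + 2]) + value

def ms_vsa(vendor_type, value):
    # Vendor-Specific (26): vendor id (4 bytes), then vendor type, vendor length, data
    inner = bytes([vendor_type, len(value) + 2]) + value
    return attr(26, struct.pack("!I", MS_VENDOR_ID) + inner)

def build_sample_request():
    """Constructed Access-Request (code 1); every value here is made up."""
    challenge = bytes(range(16))
    # MS-CHAP2-Response data: ident, flags, peer challenge (16), reserved (8), NT response (24)
    response = bytes([1, 0]) + b"\xaa" * 16 + bytes(8) + b"\xbb" * 24
    attrs = (attr(1, b"alice@example.test") + attr(4, bytes([192, 0, 2, 1]))
             + ms_vsa(11, challenge) + ms_vsa(25, response))
    # Header: code, identifier, total length, 16-byte request authenticator (zeros here)
    return struct.pack("!BBH", 1, 42, 20 + len(attrs)) + bytes(16) + attrs

def parse_request(packet):
    """Return {attribute name: raw value} using only the bytes on the wire."""
    if len(packet) < 20:
        raise ValueError("shorter than a RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != 1 or length != len(packet):
        raise ValueError("not a well-formed Access-Request")
    found, pos = {}, 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("bad attribute length")
        attr_type, attr_len = packet[pos], packet[pos + 1]
        value = packet[pos + 2:pos + attr_len]
        if (attr_type == 26 and len(value) >= 6
                and struct.unpack("!I", value[:4])[0] == MS_VENDOR_ID):
            # value[4] is the vendor type, value[5] the vendor length (header included)
            found[MS_NAMES.get(value[4], f"MS-{value[4]}")] = value[6:4 + value[5]]
        else:
            found[ATTR_NAMES.get(attr_type, f"attr-{attr_type}")] = value
        pos += attr_len
    return found

if __name__ == "__main__":
    for name, value in parse_request(build_sample_request()).items():
        print(f"{name:18} {value.hex()}")
```

The username and the full MS-CHAPv2 challenge/response pair come out of the packet with no key material, which is why that leg belongs on a trusted segment or inside a protected tunnel.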
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.