4. OpenVPN - Radius Question

OpenVPN - Radius Question

  • C

    Hello,
    I am setting up an OpenVPN server and im going to use Radius.

    I am following this guide: https://doc.pfsense.org/index.php/OpenVPN_with_RADIUS_via_Active_Directory

    In the attached screen shot is a section of the above guide.
    My question is those methods of Authentication "MSCHAP-V2, MSCHAP". Aren't these protocols already been broken and hacked ?

    So I am setting up a secure OpenVPN server but when the client sends the creds through the tunnel it will be using these above protocols to authenticate ?
    Do I not need to worry about this since the OpenVPN tunnel is using an AES-256 encryption algorithm ?

    Or do I have the wrong thinking ?
    Thank You
    ![pfsense Picture.jpg](/public/imported_attachments/1/pfsense Picture.jpg)
    ![pfsense Picture.jpg_thumb](/public/imported_attachments/1/pfsense Picture.jpg_thumb)

    0
  • C

    Hate to do it.

    Bump…

    0
  • Rebel Alliance Developer Netgate

    In this case your worry is not with OpenVPN itself, that would still encrypt the authentication, but with the traffic between pfSense and the RADIUS server since RADIUS is sent in the clear. If that leg is secure you shouldn't have much to worry about.

    The way MSCHAPv2 is used by PPTP and WAP2-Enterprise makes it easy to compromise those protocols, but OpenVPN is a much different animal.

    0
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy