Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    OpenVPN - Radius Question

    OpenVPN
    2
    3
    820
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      centuryx476 last edited by

      Hello,
      I am setting up an OpenVPN server and im going to use Radius.

      I am following this guide: https://doc.pfsense.org/index.php/OpenVPN_with_RADIUS_via_Active_Directory

      In the attached screen shot is a section of the above guide.
      My question is those methods of Authentication "MSCHAP-V2, MSCHAP". Aren't these protocols already been broken and hacked ?

      So I am setting up a secure OpenVPN server but when the client sends the creds through the tunnel it will be using these above protocols to authenticate ?
      Do I not need to worry about this since the OpenVPN tunnel is using an AES-256 encryption algorithm ?

      Or do I have the wrong thinking ?
      Thank You
      ![pfsense Picture.jpg](/public/imported_attachments/1/pfsense Picture.jpg)
      ![pfsense Picture.jpg_thumb](/public/imported_attachments/1/pfsense Picture.jpg_thumb)

      1 Reply Last reply Reply Quote 0
      • C
        centuryx476 last edited by

        Hate to do it.

        Bump…

        1 Reply Last reply Reply Quote 0
        • jimp
          jimp Rebel Alliance Developer Netgate last edited by

          In this case your worry is not with OpenVPN itself, that would still encrypt the authentication, but with the traffic between pfSense and the RADIUS server since RADIUS is sent in the clear. If that leg is secure you shouldn't have much to worry about.

          The way MSCHAPv2 is used by PPTP and WAP2-Enterprise makes it easy to compromise those protocols, but OpenVPN is a much different animal.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post

          Products

          • Platform Overview
          • TNSR
          • pfSense
          • Appliances

          Services

          • Training
          • Professional Services

          Support

          • Subscription Plans
          • Contact Support
          • Product Lifecycle
          • Documentation

          News

          • Media Coverage
          • Press
          • Events

          Resources

          • Blog
          • FAQ
          • Find a Partner
          • Resource Library
          • Security Information

          Company

          • About Us
          • Careers
          • Partners
          • Contact Us
          • Legal
          Our Mission

          We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

          Subscribe to our Newsletter

          Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

          © 2021 Rubicon Communications, LLC | Privacy Policy