Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Pros / Cons using radius auth vs local db for openvpn or system user login?

    General pfSense Questions
    2
    2
    557
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • F
      FlashEngineer last edited by

      Is there any pros or cons on which is better to use for openvpn or system user login authentication?

      For the openvpn server, you can choose to use localdb or radius for auth user/pass in conjunction with certificates.  I'm worried on the radius side because it clearly states on the certificate portion:

      This page uses the freeradius2 built-in script called "bootstrap" to create CA and certs. The disatvantage of this script is that nothing of your changes will be saved in the global config.xml file. So after a systemcrash or reinstallation of freeradius2 package all your CA and certs will be lost.

      So does this apply similarly for the Users you add under FreeRadius section?

      Same question for using the system users login for either SSH or web UI authentication.

      1 Reply Last reply Reply Quote 0
      • jimp
        jimp Rebel Alliance Developer Netgate last edited by

        That text in FreeRADIUS has nothing to do with OpenVPN user certificates.

        For OpenVPN users with Certificates you would create the user certs under System > Cert Manager (rather than the User Manager)

        Which auth system to use is really up to you. RADIUS scales much better to larger numbers of users, but is more complex to manage. Generally, for a low number of users, you'd use the built-in user manager unless you already have a dedicated RADIUS or LDAP auth server (Active Directory, etc).

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • First post
          Last post

        Products

        • Platform Overview
        • TNSR
        • pfSense
        • Appliances

        Services

        • Training
        • Professional Services

        Support

        • Subscription Plans
        • Contact Support
        • Product Lifecycle
        • Documentation

        News

        • Media Coverage
        • Press
        • Events

        Resources

        • Blog
        • FAQ
        • Find a Partner
        • Resource Library
        • Security Information

        Company

        • About Us
        • Careers
        • Partners
        • Contact Us
        • Legal
        Our Mission

        We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

        Subscribe to our Newsletter

        Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

        © 2021 Rubicon Communications, LLC | Privacy Policy