Pros / Cons using radius auth vs local db for openvpn or system user login?



  • Is there any pros or cons on which is better to use for openvpn or system user login authentication?

    For the openvpn server, you can choose to use localdb or radius for auth user/pass in conjunction with certificates.  I'm worried on the radius side because it clearly states on the certificate portion:

    This page uses the freeradius2 built-in script called "bootstrap" to create CA and certs. The disatvantage of this script is that nothing of your changes will be saved in the global config.xml file. So after a systemcrash or reinstallation of freeradius2 package all your CA and certs will be lost.

    So does this apply similarly for the Users you add under FreeRadius section?

    Same question for using the system users login for either SSH or web UI authentication.


  • Rebel Alliance Developer Netgate

    That text in FreeRADIUS has nothing to do with OpenVPN user certificates.

    For OpenVPN users with Certificates you would create the user certs under System > Cert Manager (rather than the User Manager)

    Which auth system to use is really up to you. RADIUS scales much better to larger numbers of users, but is more complex to manage. Generally, for a low number of users, you'd use the built-in user manager unless you already have a dedicated RADIUS or LDAP auth server (Active Directory, etc).


Log in to reply