Configuring IKEv2 EAP-RADIUS



  • I'm at a loss here…

    I am trying to figure out a way to get my pfSense box to authenticate against my AD server. Originally I wanted to use LDAP, but I was told in another post that StrongSwan does do direct LDAP authentication. I was advised that I should use EAP-RADIUS instead. This is where the problems began...

    Since this is a lab environment I can show all of my configs with no worries.

    Here is my Phase 1 configuration where most of everything is setup.

    http://i.imgur.com/QNHvXNz.png

    If I use EAP-MS-CHAPv2 and the local database everything works perfect so I know my tunnel configuration is working properly.

    Here is my RADIUS server configuration, nothing really special here. I can confirm that my RADIUS authentication works when using the Diagnostics->Authentication test tool. So I know pfSense can talk to my RADIUS server which is running on Windows Server 2012 R2.

    http://i.imgur.com/xnMSLWb.png

    Here is the settings for the actual RADIUS server.

    http://i.imgur.com/5EwdOqq.png

    All of my settings are based on the pfSense documentation which is why I am so lost.

    https://doc.pfsense.org/index.php/IKEv2_with_EAP-MSCHAPv2
    https://doc.pfsense.org/index.php/IKEv2_with_EAP-RADIUS

    Is it something to do with Windows Server? Did I miss something?

    Can anyone please lend me a hand.



  • I had a similar issue.  I selected the following and it started working.  The article I followed for openvpn stated I do this to very connectivity before locking down.  Change the order of the policies so that pfsense is in the middle.

    Enable the other options as marked in red. Download the photo to see changes to the far right.



Log in to reply