Netgate Discussion Forum

    Configuring IKEv2 EAP-RADIUS

      solignis

      I'm at a loss here…

      I am trying to figure out a way to get my pfSense box to authenticate against my AD server. Originally I wanted to use LDAP, but I was told in another post that StrongSwan does do direct LDAP authentication. I was advised that I should use EAP-RADIUS instead. This is where the problems began...

      Since this is a lab environment I can show all of my configs with no worries.

      Here is my Phase 1 configuration, where most of everything is set up.

      http://i.imgur.com/QNHvXNz.png

      If I use EAP-MS-CHAPv2 and the local database, everything works perfectly, so I know my tunnel configuration is working properly.

      Here is my RADIUS server configuration, nothing really special here. I can confirm that my RADIUS authentication works when using the Diagnostics->Authentication test tool. So I know pfSense can talk to my RADIUS server which is running on Windows Server 2012 R2.

      http://i.imgur.com/xnMSLWb.png

      Here are the settings for the actual RADIUS server.

      http://i.imgur.com/5EwdOqq.png

      All of my settings are based on the pfSense documentation, which is why I am so lost.

      https://doc.pfsense.org/index.php/IKEv2_with_EAP-MSCHAPv2
      https://doc.pfsense.org/index.php/IKEv2_with_EAP-RADIUS

      Is it something to do with Windows Server? Did I miss something?

      Can anyone please lend me a hand?

        kapara

        I had a similar issue. I selected the following and it started working. The article I followed for OpenVPN stated I do this to verify connectivity before locking down. Change the order of the policies so that pfSense is in the middle.

        Enable the other options as marked in red. Download the photo to see changes to the far right.

        radius.PNG

        Skype ID:  Marinhd
