Radius server

  • Hi friends. I am new in pfsense and I have a problem when I try to established EAP-Radius with PFsense 2.2.6.
    The main problem is that for now we used PPTP and we want to move on to 2.3. Now I am testing IKEv2 tunel to replace PPTP.
    I'l try with this docs https://doc.pfsense.org/index.php/IKEv2_with_EAP-MSCHAPv2 and there is no problem with EAP-MSCHAPv2.
    Our PPTP also work with radius trought pfsense there is no problem with authentication.
    But when I setup a new radius trought user manager -> servers, I cant authenticate trought pfsense tool - Authentication - this is result from eventvwr (windows srv 2012 r2)

    This is set on network policy IKEv2

    This is all that I was tried:
    1. Disable completely PPTP (even delete it and restart pfsense) - no effect
    2. Change all option in network policy/constraint - no effect

    I know I'm wrong somewhere but where. If you can please give me an advice. I appreciate it.
    Best regards Alek

  • I know it has been a while since this has been posted. PfSense seems to only authenticate in PAP when connecting to a RADIUS.
    Personally I think this is a security issue because information (username/password) is send plaintext to/from the RADIUS server.

    Is there anyway to get PfSense to authenticate through EAP?

  • When using PAP authentication the password field is encrypted with the shared secret so it is only as insecure as your shared secret.

Log in to reply