PART 3: Final Setup – configuring OpenVPN to use FreeRadius3 for authentication
In this last section we will be enabling FreeRADIUS3 authentication within OpenVPN.
Go to the VPN menu, OpenVPN, then go to the Servers tab.
Click the edit icon by the server you setup previously.
Server Mode: Confirm this is set to “Remote Access (SSL/TLS + User Auth)”
Backend for authentication: Change from Local Database to the new FreeRadius server you setup.
Now go to the Services Menu, FreeRADIUS, then the EAP tab.
Configure the SSL CA Certificate and the SSL Server Certificate to match those you created when you setup OpenVPN initially.
Now go to System, Cert Manager, then the Certificates tab.
Delete the User Certificate you created previously, then click Add.
Method: Create an internal Certificate
Descriptive name: A description which denotes which user the cert is for and why.
Certificate Authority: Confirm this matches the CA you setup in previous steps.
Key length: 4096 (recommended)
Digest Algorithm: sha512 (recommended)
Certificate Type: User Certificate
Common Name: Home, pfSense, Domain, etc.
The very last step is to go into the client export tool to configure your device to connect to openVPN.
Under the VPN menu, go back into OpenVPN, then the Client Export tab.
Scroll all the way to the bottom. You should see a listing for the new cert/user combination we setup. Export the openVPN configuration for your preferred system and test.
Once successfully connected you should be able to go into pfSense and view all current connections under Status: OpenVPN.