
pfSense OpenVPN Setup with FreeRadius3 2fa Authentication: Part 3 (Final Setup)

  1. 4 months ago
    Edited 4 months ago by Men in Black

    Part 1: OpenVPN Setup
    Part 2: FreeRADIUS3 Setup
    Part 3: Final Setup – Connecting the Two

    PART 3: Final Setup – configuring OpenVPN to use FreeRadius3 for authentication

    In this last section we will be enabling FreeRADIUS3 authentication within OpenVPN.
    Go to the VPN menu, OpenVPN, then go to the Servers tab.

    Click the edit icon by the server you set up previously.


    Server Mode: Confirm this is set to “Remote Access (SSL/TLS + User Auth)”
    Backend for authentication: Change from Local Database to the new FreeRADIUS server you set up.

    Click Save.

    Now go to the Services Menu, FreeRADIUS, then the EAP tab.

    Configure the SSL CA Certificate and the SSL Server Certificate to match those you created when you initially set up OpenVPN.
    Click Save.

    Now go to System, Cert Manager, then the Certificates tab.
    Delete the User Certificate you created previously, then click Add.


    Method: Create an internal Certificate
    Descriptive name: A description which denotes which user the cert is for and why.
    Certificate Authority: Confirm this matches the CA you set up in previous steps.
    Key length: 4096 (recommended)
    Digest Algorithm: sha512 (recommended)
    Certificate Type: User Certificate

    Common Name: Home, pfSense, Domain, etc.
    Click Save.

    The very last step is to go into the client export tool to configure your device to connect to OpenVPN.
    Under the VPN menu, go back into OpenVPN, then the Client Export tab.
    Scroll all the way to the bottom. You should see a listing for the new cert/user combination we set up. Export the OpenVPN configuration for your preferred system and test.
    Once successfully connected, you should be able to go into pfSense and view all current connections under Status: OpenVPN.

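A check you can run on the exported profile before testing, as an added example that is not part of the original post: it parses an `.ovpn` file and reports whether either factor (client certificate, username/password prompt) or server validation is missing. The sample profile, hostname and function names are constructed for illustration, and it assumes the profile carries `ca`/`cert`/`key` or `pkcs12` as directives or inline blocks.

```python
import re

# Constructed sample profile; hostname and key material are placeholders.
SAMPLE_PROFILE = """client
remote vpn.example.test 1194 udp
auth-user-pass
remote-cert-tls server
<ca>
PLACEHOLDER
</ca>
<cert>
PLACEHOLDER
</cert>
<key>
PLACEHOLDER
</key>
"""

def parse_profile(text):
    """Return (directives, inline block names) from an OpenVPN client profile."""
    directives, blocks, open_block = {}, set(), None
    for raw in text.splitlines():
        line = raw.strip()
        if open_block:                      # skip inline PEM/PKCS#12 bodies
            if line == f"</{open_block}>":
                open_block = None
            continue
        if not line or line[0] in "#;":     # blank line or comment
            continue
        m = re.fullmatch(r"<([a-z0-9-]+)>", line)
        if m:
            open_block = m.group(1)
            blocks.add(open_block)
            continue
        name, *args = line.split(None, 1)
        directives[name] = args[0] if args else ""
    return directives, blocks

def audit_profile(text):
    """List what is missing for certificate + user auth with server validation."""
    directives, blocks = parse_profile(text)
    has = lambda name: name in directives or name in blocks
    findings = []
    if "auth-user-pass" not in directives:
        findings.append("no auth-user-pass: client never prompts for the RADIUS login")
    if not (has("pkcs12") or (has("cert") and has("key"))):
        findings.append("no client cert/key: certificate factor missing")
    if not (has("ca") or has("pkcs12")):
        findings.append("no CA: server certificate cannot be validated")
    if not ({"remote-cert-tls", "verify-x509-name"} & directives.keys()):
        findings.append("no remote-cert-tls/verify-x509-name: any CA-issued cert can pose as server")
    return findings
```

An empty list from `audit_profile(open("client.ovpn").read())` means the profile asks for both the certificate and the RADIUS login; `client.ovpn` is a placeholder for the file you exported.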
