Bug #10352

open

RADIUS authentication fails with MSCHAPv1 or MSCHAPv2 when passwords contain international characters

Added by Jim Pingle about 4 years ago. Updated almost 2 years ago.

Status: New
Priority: Very Low
Assignee: -
Category: Authentication
Target version:
Start date: 03/17/2020
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
Affected Architecture:

Description

RADIUS authentication fails with the authentication server entry set to use MSCHAPv1 or MSCHAPv2 when passwords contain international characters. Authentication with the same password succeeds when set to PAP or MD5-CHAP.

I've tried running through a few different encodings (UTF-8, UTF-16, and the chap module's own unicode conversion function) without success.

It works when using radtest at the CLI regardless of type passed to that program. Packet captures of similar requests don't show significant differences between PHP and radtest.

Could be a limitation of Crypt_CHAP_MSv1 / Crypt_CHAP_MSv2 / Auth_RADIUS_*, but we should at least eliminate possible local code causes first.

Low priority since there are ways to make it work (PAP, MD5-CHAP), and users could choose to use other compatible passwords.
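
One way to check the local encoding step, as an added example that is not part of the original report and is not pfSense or PEAR code: RFC 2759 defines the MS-CHAP NT password hash as MD4 over the Unicode (UTF-16LE) password, so this script compares that reference against two other byte layouts for an ASCII and a non-ASCII password. It assumes PHP 7 or later with the mbstring extension; the function names and sample passwords are constructed for illustration.

```php
<?php
// Added example: compare NT password hashes (RFC 2759 NtPasswordHash,
// MD4 over the UTF-16LE password) produced by different encodings.

/** Reference: treat input as UTF-8, convert to UTF-16LE, then MD4. */
function nt_hash_utf16le(string $utf8): string {
    return hash('md4', mb_convert_encoding($utf8, 'UTF-16LE', 'UTF-8'));
}

/** Naive widening: each input byte followed by 0x00 (correct for ASCII only). */
function nt_hash_byte_widened(string $bytes): string {
    $wide = '';
    foreach (str_split($bytes) as $b) {
        $wide .= $b . "\0";
    }
    return hash('md4', $wide);
}

/** No conversion at all: MD4 over the bytes as received. */
function nt_hash_raw(string $bytes): string {
    return hash('md4', $bytes);
}

/** Returns label => [hash, matches-reference] for one password. */
function compare_encodings(string $utf8): array {
    $ref = nt_hash_utf16le($utf8);
    $candidates = [
        'UTF-16LE (reference)' => $ref,
        'UTF-8 bytes widened'  => nt_hash_byte_widened($utf8),
        'UTF-8 bytes raw'      => nt_hash_raw($utf8),
    ];
    $out = [];
    foreach ($candidates as $label => $hash) {
        $out[$label] = [$hash, hash_equals($ref, $hash)];
    }
    return $out;
}

// Constructed sample passwords (not from the report); \u{..} escapes keep
// the result independent of how this source file is saved.
foreach (['clientPass', "p\u{00E4}ssw\u{00F6}rd"] as $pw) {
    echo $pw, "\n";
    foreach (compare_encodings($pw) as $label => [$hash, $ok]) {
        printf("  %-22s %s %s\n", $label, $hash, $ok ? 'match' : 'MISMATCH');
    }
}
```

For the ASCII password the widened form matches the reference; for the non-ASCII one it does not, because each multi-byte UTF-8 sequence is widened into several 16-bit units instead of one.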
