Add 2FA Support to pfSense Plus Local Database Authentication
To eliminate the reliance on unsupported packages like freeRADIUS for making this work, we should add the capability to the built-in user database in pfSense for time-based tokens. This could be "bolted on" to the end of passwords similar to how other options accomplish this for OpenVPN or IPSec VPNs, but we may be able to add a field to the webConfigurator login for 2FA.
Updated by Kris Phillips 7 months ago
Further expounding on this, it appears that Viscosity has native capability to add prompts in the client config.
static-challenge "Please provide your One-Time Passcode" 0
This can be "merged" into the password field with a bit of finagling and scripting. May be a way to add a backend for this in pfSense.