Todo #15736

open

Feedback on pfSense® software Configuration Recipes — IPsec Remote Access VPN Example Using IKEv2 with EAP-RADIUS

Added by Andrew Almond 3 months ago.

Status: New
Priority: Normal
Assignee: -
Category: User Management / Authentication
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time:

Description

Authenticating against a Microsoft NPS server may fail if NTLMv1 has been disabled, which is a common security best practice.
The solution is to add a registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\LmCompatibilityLevel and add a DWORD Enable NTLMv2 Compatibility with value 1.

https://learn.microsoft.com/en-gb/troubleshoot/windows-server/networking/rras-vpn-connections-fail-ms-chapv2-authentication

I think that adding this instruction and a link to the Microsoft KB to these pages would be very helpful:
https://docs.netgate.com/pfsense/en/latest/recipes/ipsec-mobile-ikev2-eap-radius.html
https://docs.netgate.com/pfsense/en/latest/recipes/external-authentication.html

I struggled with this issue for a long time until finding the solution - it's not obvious because the logins will fail on NPS even when everything is configured correctly.
