Feature #16558: Add support of static-challenge OpenVPN option in Radius for 2FA - pfSense Packages - pfSense bugtracker

Actions

Copy link

Feature #16558

open

Add support of static-challenge OpenVPN option in Radius for 2FA

Added by Lev Prokofev 6 days ago.

Status:

New

Priority:

Low

Assignee:

Category:

FreeRADIUS

Target version:

Start date:

Due date:

% Done:

Estimated time:

Plus Target Version:

Description

Currently, Radius+OTP requires the user to add the PIN+OTP in the password field every time the user connects. With the static-challenge option(https://openvpn.net/as-docs/tutorials/tutorial--challenge-response-authentication.html#step-3--set-up-a-static-challenge-response), the client can save PIN as the password and add OTP in a separate window. However, the Radius expects to see the password as password=PIN+OTP, to workaround it, the following can be added to the Radius config (this likely should be the GUI option):

if (&request:State) {
    update request {
        User-Password := "%{User-Password}%{reply:Reply-Message}" 
    }
}

No data to display

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

pfSense » pfSense Packages

Custom queries

Feature #16558

Add support of static-challenge OpenVPN option in Radius for 2FA