Feature #4242
open
Two Factor or OTP Authentication for Admin Interface
Added by Charlie Ross almost 10 years ago.
Updated almost 3 years ago.
Description
Hi developers!
In a never-ending quest to beef up security, it would be great to have the ability of using two-factor authentication or one-time-passwords to access the admin interface (via web or ssh/console).
The Yubikey seems like a particularly popular system for accomplishing something like this. (http://www.yubikey.com)
Thank you for considering this,
Charlie
Many if not most 2FA solutions support LDAP and/or RADIUS so are already supported. That said, enhancements here would be welcome.
- Category set to User Manager / Privileges
Ping. I'd love this as a built in feature! I'm using the local database and don't want to get into managing another system to gain access to two factor authentication.
This feature will be really helpful to meet the specifications from the PCI-DSS / ISO27001 or other security certs.
- Category changed from User Manager / Privileges to Authentication
Charlie Ross wrote:
Hi developers!
In a never-ending quest to beef up security, it would be great to have the ability of using two-factor authentication or one-time-passwords to access the admin interface (via web or ssh/console).
The Yubikey seems like a particularly popular system for accomplishing something like this. (http://www.yubikey.com)
Thank you for considering this,
Charlie
Totally agree. Even if it's possible with LDAP etc, it would be nice for it to come as a built-in feature to increase the uptake of 2FA for something as critical as a firewall.
This is even more necessary with the recent vulnerabilities that were released.
I also really want to see this in the future.
We would like to see this implemented. This year we have seen a big increase from companies requiring this feature. Any hope?
That can be accomplished using the FreeRadius package.
- Install the FreeRADIUS package and configure it for OTP with Google Authenticator, set up a NAS entry for localhost
- Add a new RADIUS auth server entry pointing to localhost
- Set pfSense to use RADIUS auth for the GUI
It's explained at the link below:
https://youtu.be/n2Z3rr4W2xw?t=3394