Feature #5825
open
Allow EAP-RADIUS for authentication servers
Added by Orion Poplawski almost 9 years ago.
Updated over 5 years ago.
Description
When configuring a RADIUS authentication server, one must currently allow unencrypted PAP/SPAP connections. We should be able to configure it to use EAP encryption.
Adam Thompson wrote:
Supposedly this exists, per https://doc.pfsense.org/index.php/IKEv2_with_EAP-RADIUS, but I'm not 100% convinced that it's functional.
It's functional for IPSec, as IPSec's IKE phase 1 config page lets you explicitly specify the authentication method to EAP-MSChapv2 or EAP-TLS or whatever.
However, pfSense's own RADIUS configuration page doesn't provide any options for authentication method. Testing with the "Diagnostics / Authentication" page, it seems to only support PAP/SPAP currently. I think OpenVPN uses the same pfSense RADIUS auth, so it suffers the same limitation.
- Category changed from User Manager / Privileges to Authentication
Also available in: Atom
PDF