Hello everyone,
I'm currently in the process of configuring IPsec for Roadwarrior with Active Directory authentication via RADIUS.
Between the AD and OPNsense I have privacyIDEA as the RADIUS server. I would like to use this for TOTP. I have configured IPsec Roadwarrior with EAP-RADIUS.
Now the question is: does EAP-RADIUS do PAP? When authenticating with a domain user and TOTP, the password must be sent to the RADIUS server via PAP. With MSCHAPv2 a challenge-response is used and the TOTP part cannot be separated from the password.
When I test the user with TOTP on OPNsense under Access/Tester, the authentication works without any problems.
Has anyone done this before or can give me information?
EAP itself requires CHAP, this won't work.
Thanks. I already suspected that.
Is there an alternative with IPsec, RADIUS and TOTP?
How about PSK + Xauth and do RADIUS on the mobile clients backend?
I would go for OpenVPN instead of IPsec