Text only | Text with Images

OPNsense Forum

English Forums => 25.1, 25.4 Production Series => Topic started by: Cipher on May 12, 2025, 11:49:52 AM

Title: Does OPNsense Support PAP Authentication
Post by: Cipher on May 12, 2025, 11:49:52 AM
Hi everyone,

We're planning to migrate a customer from pfSense to OPNsense and are currently validating compatibility for their setup.

We've successfully tested PPPoE on OPNsense, but we need to confirm if PAP (Password Authentication Protocol) is supported and working reliably in this context.

This is important for us before moving forward with the migration.

Has anyone used PAP authentication on OPNsense? Any known issues or limitations?

Thanks in advance!
Title: Re: Does OPNsense Support PAP Authentication
Post by: hharry on May 12, 2025, 11:57:09 PM
Quote from: Cipher on May 12, 2025, 11:49:52 AMHas anyone used PAP authentication on OPNsense? Any known issues or limitations?

Thanks in advance!

Yes OPNsesne supports PPPoE PAP authentication, when the remote PPPoE server requests it.

OPNsesne configures by default, PPPoE to accept, PAP, or CHAP, or EAP authentication protocols.

Code Select
root@OPNsense:~ # egrep -ai 'link accept' /var/etc/mpd_wan.conf
  set link accept chap pap eap
root@OPNsense:~ #


I run several OPNsense instances with PPPoE, all run with PAP authentication, sample logs below


Code Select
/var/log/system/system_20250511.log:<29>1 2025-05-11T16:19:43+10:00 OPNsense.localdomain ppp 91391 - [meta sequenceId="70"] PPPoE: rec'd ACNAME "VYOS03"
/var/log/system/system_20250511.log:<29>1 2025-05-11T16:19:43+10:00 OPNsense.localdomain ppp 91391 - [meta sequenceId="71"] [wan_link0] PPPoE: connection successful
/var/log/system/system_20250511.log:<29>1 2025-05-11T16:19:43+10:00 OPNsense.localdomain ppp 91391 - [meta sequenceId="72"] [wan_link0] Link: UP event
/var/log/system/system_20250511.log:<29>1 2025-05-11T16:19:43+10:00 OPNsense.localdomain ppp 91391 - [meta sequenceId="73"] [wan_link0] LCP: Up event
/var/log/system/system_20250511.log:<29>1 2025-05-11T16:19:43+10:00 OPNsense.localdomain ppp 91391 - [meta sequenceId="74"] [wan_link0] LCP: state change Starting --> Req-Sent
/var/log/system/system_20250511.log:<29>1 2025-05-11T16:19:43+10:00 OPNsense.localdomain ppp 91391 - [meta sequenceId="75"] [wan_link0] LCP: SendConfigReq #5
/var/log/system/system_20250511.log:<29>1 2025-05-11T16:19:43+10:00 OPNsense.localdomain ppp 91391 - [meta sequenceId="76"] [wan_link0]   MRU 1492
/var/log/system/system_20250511.log:<29>1 2025-05-11T16:19:43+10:00 OPNsense.localdomain ppp 91391 - [meta sequenceId="77"] [wan_link0]   MAGICNUM 0x3456ef14
/var/log/system/system_20250511.log:<29>1 2025-05-11T16:19:43+10:00 OPNsense.localdomain ppp 91391 - [meta sequenceId="78"] [wan_link0] LCP: rec'd Configure Request #101 (Req-Sent)
/var/log/system/system_20250511.log:<29>1 2025-05-11T16:19:43+10:00 OPNsense.localdomain ppp 91391 - [meta sequenceId="79"] [wan_link0]   AUTHPROTO PAP
/var/log/system/system_20250511.log:<29>1 2025-05-11T16:19:43+10:00 OPNsense.localdomain ppp 91391 - [meta sequenceId="80"] [wan_link0]   MRU 1492
/var/log/system/system_20250511.log:<29>1 2025-05-11T16:19:43+10:00 OPNsense.localdomain ppp 91391 - [meta sequenceId="81"] [wan_link0]   MAGICNUM 0x7bdf7d46
/var/log/system/system_20250511.log:<29>1 2025-05-11T16:19:43+10:00 OPNsense.localdomain ppp 91391 - [meta sequenceId="82"] [wan_link0] LCP: SendConfigAck #101
/var/log/system/system_20250511.log:<29>1 2025-05-11T16:19:43+10:00 OPNsense.localdomain ppp 91391 - [meta sequenceId="83"] [wan_link0]   AUTHPROTO PAP
/var/log/system/system_20250511.log:<29>1 2025-05-11T16:19:43+10:00 OPNsense.localdomain ppp 91391 - [meta sequenceId="84"] [wan_link0]   MRU 1492
/var/log/system/system_20250511.log:<29>1 2025-05-11T16:19:43+10:00 OPNsense.localdomain ppp 91391 - [meta sequenceId="85"] [wan_link0]   MAGICNUM 0x7bdf7d46
/var/log/system/system_20250511.log:<29>1 2025-05-11T16:19:43+10:00 OPNsense.localdomain ppp 91391 - [meta sequenceId="86"] [wan_link0] LCP: state change Req-Sent --> Ack-Sent
/var/log/system/system_20250511.log:<29>1 2025-05-11T16:19:43+10:00 OPNsense.localdomain ppp 91391 - [meta sequenceId="87"] [wan_link0] LCP: rec'd Configure Ack #5 (Ack-Sent)
/var/log/system/system_20250511.log:<29>1 2025-05-11T16:19:43+10:00 OPNsense.localdomain ppp 91391 - [meta sequenceId="88"] [wan_link0]   MRU 1492
/var/log/system/system_20250511.log:<29>1 2025-05-11T16:19:43+10:00 OPNsense.localdomain ppp 91391 - [meta sequenceId="89"] [wan_link0]   MAGICNUM 0x3456ef14
/var/log/system/system_20250511.log:<29>1 2025-05-11T16:19:43+10:00 OPNsense.localdomain ppp 91391 - [meta sequenceId="90"] [wan_link0] LCP: state change Ack-Sent --> Opened
/var/log/system/system_20250511.log:<29>1 2025-05-11T16:19:43+10:00 OPNsense.localdomain ppp 91391 - [meta sequenceId="91"] [wan_link0] LCP: auth: peer wants PAP, I want nothing
/var/log/system/system_20250511.log:<29>1 2025-05-11T16:19:43+10:00 OPNsense.localdomain ppp 91391 - [meta sequenceId="92"] [wan_link0] PAP: using authname "username@example.com"
/var/log/system/system_20250511.log:<29>1 2025-05-11T16:19:43+10:00 OPNsense.localdomain ppp 91391 - [meta sequenceId="93"] [wan_link0] PAP: sending REQUEST #1 len: 43
/var/log/system/system_20250511.log:<29>1 2025-05-11T16:19:43+10:00 OPNsense.localdomain ppp 91391 - [meta sequenceId="94"] [wan_link0] LCP: LayerUp
/var/log/system/system_20250511.log:<29>1 2025-05-11T16:19:43+10:00 OPNsense.localdomain ppp 91391 - [meta sequenceId="95"] [wan_link0] PAP: rec'd ACK #1 len: 29
/var/log/system/system_20250511.log:<29>1 2025-05-11T16:19:43+10:00 OPNsense.localdomain ppp 91391 - [meta sequenceId="96"] [wan_link0]   MESG: Authentication succeeded
/var/log/system/system_20250511.log:<29>1 2025-05-11T16:19:43+10:00 OPNsense.localdomain ppp 91391 - [meta sequenceId="97"] [wan_link0] LCP: authorization successful
/var/log/system/system_20250511.log:<29>1 2025-05-11T16:19:43+10:00 OPNsense.localdomain ppp 91391 - [meta sequenceId="98"] [wan_link0] Link: Matched action 'bundle "wan" ""'
/var/log/system/system_20250511.log:<29>1 2025-05-11T16:19:43+10:00 OPNsense.localdomain ppp 91391 - [meta sequenceId="99"] [wan_link0] Link: Join bundle "wan"
/var/log/system/system_20250511.log:<29>1 2025-05-11T16:19:43+10:00 OPNsense.localdomain ppp 91391 - [meta sequenceId="100"] [wan] Bundle: Status update: up 1 link, total bandwidth 64000 bps
/var/log/system/system_20250511.log:<29>1 2025-05-11T16:19:43+10:00 OPNsense.localdomain ppp 91391 - [meta sequenceId="101"] [wan] IPCP: Open event
/var/log/system/system_20250511.log:<29>1 2025-05-11T16:19:43+10:00 OPNsense.localdomain ppp 91391 - [meta sequenceId="102"] [wan] IPCP: state change Initial --> Starting
/var/log/system/system_20250511.log:<29>1 2025-05-11T16:19:43+10:00 OPNsense.localdomain ppp 91391 - [meta sequenceId="103"] [wan] IPCP: LayerStart
/var/log/system/system_20250511.log:<29>1 2025-05-11T16:19:43+10:00 OPNsense.localdomain ppp 91391 - [meta sequenceId="104"] [wan] IPCP: Up event
/var/log/system/system_20250511.log:<29>1 2025-05-11T16:19:43+10:00 OPNsense.localdomain ppp 91391 - [meta sequenceId="105"] [wan] IPCP: state change Starting --> Req-Sent
/var/log/system/system_20250511.log:<29>1 2025-05-11T16:19:43+10:00 OPNsense.localdomain ppp 91391 - [meta sequenceId="106"] [wan] IPCP: SendConfigReq #7
/var/log/system/system_20250511.log:<29>1 2025-05-11T16:19:43+10:00 OPNsense.localdomain ppp 91391 - [meta sequenceId="107"] [wan]   IPADDR 0.0.0.0
/var/log/system/system_20250511.log:<29>1 2025-05-11T16:19:43+10:00 OPNsense.localdomain ppp 91391 - [meta sequenceId="108"] [wan] IPCP: rec'd Configure Request #239 (Req-Sent)
/var/log/system/system_20250511.log:<29>1 2025-05-11T16:19:43+10:00 OPNsense.localdomain ppp 91391 - [meta sequenceId="109"] [wan]   IPADDR 192.168.40.254
/var/log/system/system_20250511.log:<29>1 2025-05-11T16:19:43+10:00 OPNsense.localdomain ppp 91391 - [meta sequenceId="110"] [wan]     192.168.40.254 is OK
/var/log/system/system_20250511.log:<29>1 2025-05-11T16:19:43+10:00 OPNsense.localdomain ppp 91391 - [meta sequenceId="111"] [wan] IPCP: SendConfigAck #239
/var/log/system/system_20250511.log:<29>1 2025-05-11T16:19:43+10:00 OPNsense.localdomain ppp 91391 - [meta sequenceId="112"] [wan]   IPADDR 192.168.40.254
/var/log/system/system_20250511.log:<29>1 2025-05-11T16:19:43+10:00 OPNsense.localdomain ppp 91391 - [meta sequenceId="113"] [wan] IPCP: state change Req-Sent --> Ack-Sent
/var/log/system/system_20250511.log:<29>1 2025-05-11T16:19:43+10:00 OPNsense.localdomain ppp 91391 - [meta sequenceId="114"] [wan] IPCP: rec'd Configure Nak #7 (Ack-Sent)
/var/log/system/system_20250511.log:<29>1 2025-05-11T16:19:43+10:00 OPNsense.localdomain ppp 91391 - [meta sequenceId="115"] [wan]   IPADDR 192.168.40.1
/var/log/system/system_20250511.log:<29>1 2025-05-11T16:19:43+10:00 OPNsense.localdomain ppp 91391 - [meta sequenceId="116"] [wan]     192.168.40.1 is OK
/var/log/system/system_20250511.log:<29>1 2025-05-11T16:19:43+10:00 OPNsense.localdomain ppp 91391 - [meta sequenceId="117"] [wan] IPCP: SendConfigReq #8
/var/log/system/system_20250511.log:<29>1 2025-05-11T16:19:43+10:00 OPNsense.localdomain ppp 91391 - [meta sequenceId="118"] [wan]   IPADDR 192.168.40.1
/var/log/system/system_20250511.log:<29>1 2025-05-11T16:19:43+10:00 OPNsense.localdomain ppp 91391 - [meta sequenceId="119"] [wan] IPCP: rec'd Configure Ack #8 (Ack-Sent)
/var/log/system/system_20250511.log:<29>1 2025-05-11T16:19:43+10:00 OPNsense.localdomain ppp 91391 - [meta sequenceId="120"] [wan]   IPADDR 192.168.40.1
/var/log/system/system_20250511.log:<29>1 2025-05-11T16:19:43+10:00 OPNsense.localdomain ppp 91391 - [meta sequenceId="121"] [wan] IPCP: state change Ack-Sent --> Opened
/var/log/system/system_20250511.log:<29>1 2025-05-11T16:19:43+10:00 OPNsense.localdomain ppp 91391 - [meta sequenceId="122"] [wan] IPCP: LayerUp
/var/log/system/system_20250511.log:<29>1 2025-05-11T16:19:43+10:00 OPNsense.localdomain ppp 91391 - [meta sequenceId="123"] [wan]   192.168.40.1 -> 192.168.40.254
/var/log/system/system_20250511.log:<13>1 2025-05-11T16:19:43+10:00 OPNsense.localdomain ppp 25853 - [meta sequenceId="124"] ppp-linkup: executing on pppoe1 for inet
Title: Re: Does OPNsense Support PAP Authentication
Post by: Cipher on May 13, 2025, 10:35:14 AM
Thank you for your quick response.

Is this the same configuration as PPPoE? Will the authentication be handled automatically?
I ask because I don't see any option to select the protocol during the PPPoE setup—will this be managed behind the scenes?
Title: Re: Does OPNsense Support PAP Authentication
Post by: Patrick M. Hausen on May 13, 2025, 10:48:11 AM
Quote from: Cipher on May 13, 2025, 10:35:14 AMIs this the same configuration as PPPoE? Will the authentication be handled automatically?

Yes. The server will negotiate the authentication protocol with the client (OPNsense). All of this is automatic.
Title: Re: Does OPNsense Support PAP Authentication
Post by: Cipher on May 13, 2025, 04:58:13 PM
Quote from: Patrick M. Hausen on May 13, 2025, 10:48:11 AM
Quote from: Cipher on May 13, 2025, 10:35:14 AMIs this the same configuration as PPPoE? Will the authentication be handled automatically?

Yes. The server will negotiate the authentication protocol with the client (OPNsense). All of this is automatic.

Thank you for your response.
I've got it configured, and it seems to be working well. I'm in the process of switching 10 firewalls from pfSense to OPNsense.
Text only | Text with Images