Menu

Show posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Show posts Menu

Messages - protocol6v

#1
23.1.11 with this option did indeed fix me up. Very happy camper here. Thanks for your help!
#2
Thats great news! Looking forward to upgrading and getting fixed up.

Thanks!
#3
Oh i understand, and am very much OK with waiting as long as I know things are in the works. I'm also glad I discovered this where I did before updating other production systems!

Thanks for all your help!
#4
Of course, you are correct. I tried adding:

<radius_protocol>MSCHAPv2</radius_protocol>

to the authserver block, taken from a PFSense config, but seems OPN doesn't use/respect this line.

I really hope a fix is incoming for this soon!
#5
I'll try to wait, but in the meantime, can anyone tell me how to edit the authentication "Servers" list via CLI, or what package manages these? I can't seem to find any info on how this works.

Thanks!
#6
Are you saying I should attempt an update for a new patch, and if that doesn't help, revert?

When reverting, do I need to just revert opnsense, or the kernel as well?

Thanks!
#7
Anybody else have any ideas here? This is a major problem for me, I use similar setups in many locations, and I now cannot upgrade any until I have a fix for this.

I'm not using Freeradius package as I am not using OPNsense as a radius server, simply as a client against an active directory NPS radius server.

Otherwise, in the mean time, is there a simple way to revert the entire release back to 23.1.7? or is this a backup and reinstall?

Thank you for any and all assistance!
#8
Thanks, but

root@firewall:~ # opnsense-revert -r 23.1.7 freeradius3
Package 'freeradius3' is not installed


Is the result. Do i need to install freeradius now for some reason?
#9
I started having a problem since 23.1.8 (That i noticed it, believe it was working in 23.1.7), where RADIUS server are trying to authenticate using PAP instead of MS-CHAPv2, so my IKE mobile VPNs will no longer authenticate.

I can't seem to find any documentation on forcing the authentication method like you can in PFSense for RADIUS servers. Can someone point me int he right direction here?

I've tried removing and re-adding the RADIUS servers, but they continue to all try PAP. Not sure if it matters or not but my RADIUS servers are Windows AD NPS. Previously working, now not. Other appliances I use RADIUS on are all still working fine, but not OPN since i believe 23.1.8.

Please help!