Authentication Server Radius Server Protocol

[chrisrstanfield]

I'm working on configuring FreeRadius to function as a primary authentication method for my network and IPSec VPN.  I have it working with my WLC with WIFI authentication but I'm unable to get VPN to authenticate to Radius. 

I've added Radius as a server and when I run a test with a user account it throws:

The following input errors were detected:
Authentication failed.

When I check the Radius logs I see this:
Auth: (269) Login incorrect (pap: Cleartext password does not match "known good" password)

Is Opnsense sending the passwords in plain text?  I did a bunch of reading and found that in PfSense there is an option to change the protocol from PAP when adding an authentication server.  This option isn't available in Opnsense.  Is there somewhere else or way to configure this?