IPSEC EAP-RADIUD PAP und privacyidea

Started by globoximator, October 02, 2023, 09:33:15 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
October 02, 2023, 09:33:15 AM
Hello everyone,

I'm currently in the process of configuring IPSEC for Roadwarrior with Active Directory authentication via Radius.

I have between the AD and the opnsense privacyidea as radiius server. I would like to use this for totp. I have configured IPSEC Roadwarrior with EAP-RADIUS.

Now the question is does EAP-RADIUS PAP? When authenticating with domain user and TOTP, the password must be sent to the Radius via PAP. With mschapv2 a challenge response is used and the TOTP part cannot be separated from the password.

When I test the user with totp on opnsense under Access/Tester, the authentication works without any problems.

Has anyone done this before or can give me information?
October 02, 2023, 11:40:08 AM #1
EAP itself requires CHAP, this wont work
October 05, 2023, 05:35:29 PM #2 Last Edit: October 05, 2023, 05:37:19 PM by globoximator
Thanks. I already suspected that.

Is there an alternative with IPSEC, Radius and TOTP?

How about PSK + Xauth and do Radius on mobile Clients Backend?
October 05, 2023, 06:02:56 PM #3
I would go for OpenVPN instead of IPsec
Print
Go Up Pages1
User actions