Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Virtual private networks
»
IPSEC EAP-RADIUD PAP und privacyidea
« previous
next »
Print
Pages: [
1
]
Author
Topic: IPSEC EAP-RADIUD PAP und privacyidea (Read 918 times)
globoximator
Newbie
Posts: 7
Karma: 0
IPSEC EAP-RADIUD PAP und privacyidea
«
on:
October 02, 2023, 09:33:15 am »
Hello everyone,
I'm currently in the process of configuring IPSEC for Roadwarrior with Active Directory authentication via Radius.
I have between the AD and the opnsense privacyidea as radiius server. I would like to use this for totp. I have configured IPSEC Roadwarrior with EAP-RADIUS.
Now the question is does EAP-RADIUS PAP? When authenticating with domain user and TOTP, the password must be sent to the Radius via PAP. With mschapv2 a challenge response is used and the TOTP part cannot be separated from the password.
When I test the user with totp on opnsense under Access/Tester, the authentication works without any problems.
Has anyone done this before or can give me information?
Logged
mimugmail
Hero Member
Posts: 6766
Karma: 494
Re: IPSEC EAP-RADIUD PAP und privacyidea
«
Reply #1 on:
October 02, 2023, 11:40:08 am »
EAP itself requires CHAP, this wont work
Logged
WWW:
www.routerperformance.net
Support plans:
https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German):
https://opnsense.max-it.de/
globoximator
Newbie
Posts: 7
Karma: 0
Re: IPSEC EAP-RADIUD PAP und privacyidea
«
Reply #2 on:
October 05, 2023, 05:35:29 pm »
Thanks. I already suspected that.
Is there an alternative with IPSEC, Radius and TOTP?
How about PSK + Xauth and do Radius on mobile Clients Backend?
«
Last Edit: October 05, 2023, 05:37:19 pm by globoximator
»
Logged
mimugmail
Hero Member
Posts: 6766
Karma: 494
Re: IPSEC EAP-RADIUD PAP und privacyidea
«
Reply #3 on:
October 05, 2023, 06:02:56 pm »
I would go for OpenVPN instead of IPsec
Logged
WWW:
www.routerperformance.net
Support plans:
https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German):
https://opnsense.max-it.de/
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Virtual private networks
»
IPSEC EAP-RADIUD PAP und privacyidea