Set up Free Radius on PfSense with two factor authentication for OpenVPN
- Published 30 Jul 2024
- In this video I'll go through how to set up FreeRadius on pfsense for the purposes of using two factor authentication on OpenVPN. Two factor authentication strengthens the security of your VPN connection because a successful connection requires an SSL certificate, user name, pin code and one time password (via Google Authenticator in this video).
If you haven't already set up OpenVPN on your PfSense box, please take a look at my previous video here:
• PfSense OpenVPN Config...
In this video I go through the steps of:
Installing FreeRadius 3
Setting up the initial Free Radius parameters
Creating a couple of test users
Testing these users authenticate OK
Setting up the two factor authentication in Free Radius
Installing Google Authenticator on an Android phone
Going through establishing a connection for the first time.
AFFILIATE LINK DISCLOSURE
Some of the links below are Amazon affiliate links. If you click on a link and make a purchase, I may receive a commission. Using this link won't cost you any more and any money earned helps to support this channel.
Items used in this video:
Samsung Galaxy S5 phone
amzn.to/2UUHQpJNew
MHL cable
amzn.to/3io6nLK
Used in conjunction with the above phone (Which I already owned) to output HDMI to record Google Authenticator setup as the security on the phone stops this being recorded via a screen recorder.
HDMI to USB capture Card
amzn.to/3imO3CR
Used to record from an HDMI source, in this case via the MHL cable plugged into the Galaxy S5 phone
Screen and HDMI capture was done using OBS Studio:
obsproject.com/
Intro and Outro video was filmed using a OnePlus 5 phone with software from Iriun to capture video into OBS Studio
amzn.to/3zlrpBC
iriun.com/
Sound was recorded using a Boya BY-M1 lapel microphone with Audacity
amzn.to/3Bs637F
www.audacityteam.org/
For lighting I used 3 x 70 LED photography lights:
amzn.to/3rmhGbC
Video production was done using Cyberlink Power Director 19 Ultimate
amzn.to/3kxw4w1
Hardware used for PfSense
amzn.to/36SjxeF - Science and Technology
Man, you should continue doing this. It's been a while since I watched a tutorial and it worked first time out. Really! Excellent.
After days and days searching I found you by accident! Your explanation is very concrete, with no circles, and detailed! Congratulations!
Excellent setup guide working first time. Thank you very much for sharing.
Easy to follow and set up, thanks.
You gave the perfect explanation!!
Excellent, thanks and continue your great explanation videos!
Hi,
LDAP + Free Radius on PfSense with two factor authentication for OpenVPN
My question is LDAP + PfSense with two factor authentication support and method, help pls
Excellent steps and perfect speed, thank you
Glad it was helpful!
Better than any other out there. Really!
Awesome. Thanks a lot! It works, well done
Thank you very much!
Can the Microsoft Authenticator be used instead of Google? Will this work if my users don't want to use an authenticator App? What about the encryption provided by the user certificate? Does that go away since new users are being created without certs?
Is there a way to configure MFA on the web configuration (GUI) to limit admin access?
Good morning, can you implement access via complex password and OTP instead of PIN+OTP? The second solution seems unsafe to me.
Thank you!
"a successful connection requires, an SSL certificate, user name, pin code and one time password"
But at 6:50 you disabled the TLS certificate requirement, allowing users to connect without a unique cert, so isn't this just username, pin, and otp code?
Hi, it's not working for me. I have configured the same steps but it is giving me an error of TLS handshake failed. Could you please help me out to fix this? I need to configure OpenVPN with SAML authentication for my office.
How can we disable PIN and log in only by using username and Google Authenticator rolling code?
Anyone that knows how to keep the VPN connection up for longer than an hour or so? It seems to time out if not used... I have tried the Custom option "reneg-sec 43200;" in the VPN server section
Great Video
Hey there, any way to do this same thing but using an Active Directory backend for users instead of FreeRadius local DB?
FreeRadius supports both LDAP or AD via LDAP if you set some extra options. But the OTP support in FreeRadius is internal and can't be tied to another auth provider.
Works great, but is there a way for users to generate their own OTP code?
You completely escaped the OpenVPN. I followed your tutorial step by step but it doesn't work. It would be great if you did it step by step.
Could you tell me at what point you had the issue? I mentioned in my intro that if you hadn't already set up OpenVPN to refer to my previous video on how to set this up.
Same here, doesn't work, the OpenVPN steps escaped