How To Configure FreeRadius on pfsense and static assign IP addresses to VPN users

These videos are excellent. I dont subscribe to a lot of channels but, Tom has the right thing going here.

Can you do a video where you setup 2 factor auth with openvpn ?

Thanks for this. I have seen many of your videos and you have been a fantastic resource for me - configuring my network on my relatively new homelab setup. I recently decided I wanted a more formal authentication process for various services on my lab and it appears that I could use FreeRadius package on pfsense to accomplish this. This is fantastic for me as I am using a post-bug SuperMicro A1SRI-C2758 w/ 32gb ecc ram (purchased this much thinking I would virtualize pfsense on proxmox, then discovered pfsense supports atom c2758 QAT so back to baremetal) - and being a small household this is alot of hardware for a small house so I am thrilled I can get more use out of pfsense. thank you for the video keep em coming.

Thak you sir Tom for having this video. I've been watching your videos it helps a lot. Thumbs up.

I'd be interested in a video detailing the linking FreeNAS to use the pfsense radius for user/group file permissions.

Thanks man, that really helped me setting my radius server to configure 2fa auth! You should do a video also explaining the 2fa configuration in pfsense, cause i couldn't find nothing really direct in that theme. Success!

I need to implement this into my stack! As always great video!

VERY interesting, ive never considered using an auth server like this. I do have a bunch of outward facing services and I use a reverse proxy for those but a good few of them do support using a radius server for auth, might be worth looking into. THANKS!

Great Video Tom! I haven't used RADIUS in quite some time. I have also implemented and used TACACS+ in the data center for access to all the network hardware within. Oh those were the good ole days.

loving the pfSense videos. keep it up!

I just setup FreeRADIUS last week for home wifi authentication for testing purposes,works okay.

Great video. I will need to implement this soon.
I setup OpenVPN and it works great for games that use DirectIP. The problem is that it doesn't work for games that use open LAN broadcasts. At least I haven't gotten it to work. Hamachi works sometimes and for some games but I need OpenVPN to work like the "Evolve" service (which is no longer available). Can this be done with OpenVPN?

That 1 dislike came from waiting too long for this video.

Could you also use this for account auth for FreeNAS?

Hi. First thanks for creating such helpful videos. I have a question about setting up Radius. Will it allow me to...
1) Set a fail limit on logins|
2) Set a retry delay after hitting the limit.
3) Alert the admin when someone hits the fail limit?
Thanks,
Rob

Thank you

How about using free RADIUS for authentication for Wi-Fi

awesome i needed this and didn't even know it existed

Good content! Keep it coming. Big tumbs up!

Hi Tom, you are assigning a static IP to VPN user via RADIUS settings, but I've noticed that the same effect can be achieved by using 'VPN/OpenVPN/Client Specific Overrides'. There you can override the 'IPv4 Tunnel Network' setting, which results in a user getting that specific IP on establishing a VPN connection. In addition you can also define other user specific settings like dns servers. What do you think about it, is it a proper way to set a static IP? :)

Hi, it is a quite nice video. You said you do not like to do unnecessary settings :) but you have setup accounting server for freeradius. Yet you did not check the accounting logs etc.
Where are they and how do you check it?

Great video. Could you do a video on a Ubiquiti Dream machine pro RADIUS server setup?

Followed everything, worked well, but when I restrict one use to connect only to specific network, it loses internet. If I assign any permission, then Internet works. How to fix that ?

This is interesting. How is this different than OpenVPN Client Override?

Excellent Briefing...

Thanks Tom, Fantastic tutorial! Is it possible without creating different users to allow a single authentication login that would assign the first connection to connect to a specific address, but allow them to be assigned to a pool if they sign in under multiple devices?

Trying to setup a Radius server on PFSense to do Mac address authentication to allocate VLANs on my home network using PFSense and Unifi so I can move my IOT devices to their own VLAN and if they get moved on my network I don't have to reconfigure/tag ports because something got moved.

losted you completely in the lan config, there was a interface that were not there and now all the sudden we have a LAN2 ????

Is it possible for the pfsense to be on the same device as the freeradius? I'm using my pfsense as a router that is connected to wan.

Thank you for the setup tutorial. I'm unable to sort users inside FreeRadius. They seemed to be listed in the order that they were created. Even the Filters do not work. Is that common or is it my setup? Appreciate any info.

Hey Lawrence, Your videos are really good! Congratulations! Would you know how I can create two requirements for authentication? I'm using freeradius together with open vpn. I've implemented password authentication and it's functional. But along with this I wanted to validate the MacAddress of the device that is connecting. Would you know if it is possible?

What do I have to consider when I'm setting up pfsense HA with pfsync and CARP? Will FreeRadius still work if I set it up on both Firewalls?

How if I want to use EAP along with freeradius? how to configure it?

Hey Lawrence can you do a video freeradius and Captive Portals and accounting with MySQL

edited users file in /usr/loca/etc/raddb/users not reflecting on gui

Anyone here using RADIUS for VLAN steering with 802.1X?

We have some non-commercial pfsense VM servers with openvpn deamons and many remote users connect to them.In each openvpn deamon we use freeradius authentication . The freeradius deamon is also installed in each pfsense VM server but no user database is there and we just use DEFAULT user with openLDAP authentication DEFAULT Auth-Type := LDAP. It works BUT now we need to restrict vpn sessions of remote users to only 1 for each user across all our pfsense VM servers. Is it possible at all in our situation or not ? If not how to accomplish this task with Pfsense environment ? Thank you

Great video!!

With your setup my clients have to enter their login credentials every hour again, if they don't enter, the connection will be terminated. Is there any way around this and do you know why it is happening?

Hey @Lawrence Systems, which is the PS1 extension you use in this Linux? I'm interested in PS1 shell script? Can you share that info? Thanks

Would FreeRadius using clear text to authenticate be an issue?

device 17 cant connect

Thank You For The Video. I would still like to know how to block something like youtube.com on only one IP... like if i wanted to block youtube.com only on the "Amazon Fire TV Stick" .... i would really love a video on that using PFsense... Thank You

i tried to follow what you were doing and why you were doing it, however you are speaking at too high of a level for me to understand. Thank you for making the video, but now i have more questions then before I watched this.

Pfsense :( Barf!