Authenticating OpenVPN Users with RADIUS via Active Directory
This recipe describes how to set up OpenVPN on pfSense® software with user authentication handled via RADIUS on an Active Directory server.
Set up the Windows Server
Set up the Windows Server for an Active Directory role
Add users to the Windows Server (optionally in a common group for VPN users)
Set up the NPS role as described in Authenticating from Active Directory using RADIUS/NPS, which allows the Windows Server to handle RADIUS requests
Add Authentication Server
Navigate to System > User Manager, Authentication Servers tab
Click Add to create a new entry
Enter the following settings:
- Descriptive name
Active Directory NPS
- Hostname or IP address
198.51.100.30 – Replace this with the IP address of the Windows server
- Shared Secret
The password added to the NAS entry in NPS
- Services offered
- Authentication port
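How the Shared Secret entered above is used on the wire, as an added example that is not part of the original recipe and is not pfSense or NPS code: under RFC 2865 the secret keys the MD5 keystream that hides the user's password, and the client accepts a reply only if its Response Authenticator verifies under the same secret, so a secret that differs between the firewall entry and the NPS client entry fails every login. The secret, user, password and NAS-Identifier are constructed values, and `build_reply` is a stand-in for the server.

```python
import hashlib, hmac, struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3

def xor_chain(data, secret, authenticator, decrypt=False):
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous
    ciphertext block); the first block chains from the Request Authenticator."""
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        pad = hashlib.md5(secret + prev).digest()
        res = bytes(a ^ b for a, b in zip(block, pad))
        prev = block if decrypt else res
        out += res
    return out

def attr(attr_type, value):
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def build_access_request(user, password, secret, ident, authenticator):
    # NUL-pad the password to a multiple of 16 bytes (minimum 16) before hiding.
    padded = password.ljust(max(16, (len(password) + 15) // 16 * 16), b"\x00")
    attrs = (attr(1, user)                                         # User-Name
             + attr(2, xor_chain(padded, secret, authenticator))   # User-Password
             + attr(32, b"vpn-gw"))                # NAS-Identifier, assumed value
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs))
    return header + authenticator + attrs

def build_reply(code, request, secret, attrs=b""):
    """Stand-in for the RADIUS server: sign a reply with the shared secret."""
    header = struct.pack("!BBH", code, request[1], 20 + len(attrs))
    digest = hashlib.md5(header + request[4:20] + attrs + secret).digest()
    return header + digest + attrs

def verify_reply(reply, request, secret):
    """Return the reply code only if the Identifier matches the request and the
    Response Authenticator verifies under our shared secret; otherwise None."""
    if len(reply) < 20:
        return None
    code, ident, length = struct.unpack("!BBH", reply[:4])
    if ident != request[1] or not 20 <= length <= len(reply):
        return None
    expected = hashlib.md5(reply[:4] + request[4:20] + reply[20:length] + secret)
    return code if hmac.compare_digest(expected.digest(), reply[4:20]) else None

# Constructed sample values, not taken from any real deployment.
SECRET = b"constructed-shared-secret"
AUTH = bytes(range(16))  # fixed so the example is reproducible; use os.urandom(16)
REQUEST = build_access_request(b"alice", b"correct horse battery", SECRET, 7, AUTH)
```

The password is protected only by MD5 and the shared secret, so the strength of that secret bounds the confidentiality of every VPN password sent between the firewall and the Windows server.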
Set up OpenVPN Remote Access Server
The recipe OpenVPN Remote Access Configuration Example covers the OpenVPN server setup, so there is no need to duplicate the instructions here.
Choose the Active Directory NPS RADIUS authentication server entry during the wizard or configure it as the backend for authentication after completing the wizard.