IPsec Remote Access VPN Example Using IKEv2 with EAP-RADIUS¶

To set up IKEv2 with EAP-RADIUS, follow the directions for IKEv2 with EAP-MSCHAPv2 with a slight variation:

Define a RADIUS server under System > User Manager, Servers tab before starting
Select the RADIUS server on VPN > IPsec, Mobile Clients tab
Check Group Authentication and select Authentication Groups list entries to optionally filter access based on RADIUS group membership
Select EAP-RADIUS for the Authentication method on the Mobile IPsec phase 1 entry

EAP-RADIUS with FreeRADIUS¶

The default settings are OK for this use case. If the defaults do not work, see Using EAP and PEAP with FreeRADIUS

EAP-RADIUS with Windows Network Policy Server (NPS)¶

To allow strongSwan to authenticate against NPS using EAP-MSCHAPv2, alter the NPS policy as follows:

Open Network Policy Server (NPS)
Expand Policies
Click Network Policies
Edit the policy currently in use
Click on the Constraints tab
Click Authentication Methods
Click Add
Select Microsoft: Secured Password (EAP-MSCHAP v2)
Click OK
Click Apply (To restart NPS)
Click OK

Additional Resources v: latest

Languages: en

Versions: latest

Software Documentation: pfSense; TNSR

Product Manuals