Set up Free Radius on PfSense with two factor authentication for OpenVPN

Рет қаралды 24,127

Күн бұрын

In this video I'll go through how to setup FreeRadius on pfsense for the purposes of using two factor authentication on OpenVPN . Two factor authentication strengthens the security of your VPN connection because a successful connection requires, an SSL certificate, user name, pin code and one time password (Via Google Authenticator in this video)
If you haven't already setup OpenVPN on your PfSense box, please take a look at my previous video here:
• PfSense OpenVPN Config...
In this video I go through the steps of:
Installing FreeRadius 3
Setting up the initial Free Radius parameters
Creating a couple of test users
Testing these users authenticate OK
Setting up the two factor authentication in Free Radius
Installing Google Authenticator on an Android phone
Going through establishing a connection for the first time.
AFFILIATE LINK DISCLOSURE
Some of the links below are Amazon affiliate links. If you click on a link and make a purchase, I may receive a commission. Using this link won't cost you any more and any money earned helps to support this channel.
Items used in this video:
Samsung Galaxy S5 phone
amzn.to/2UUHQp...
MHL cable
amzn.to/3io6nLK
Used in conjunction with the above phone (Which I already owned) to output HDMI to record Google Authenticator setup as the security on the phone stops this being recorded via a screen recorder.
HDMI to USB capture Card
amzn.to/3imO3CR
Used to record from an HDMI source, in this case via the MHL cable plugged into the Galaxy S5 phone
Screen and HDMI capture was done using OBS Studio:
obsproject.com/
Intro and Outro video was filmed using a OnePlus 5 phone with software from Iriun to capture video into OBS Studio
amzn.to/3zlrpBC
iriun.com/
Sound was recorded using a Boya BY-M1 lapel microphone with Audacity
amzn.to/3Bs637F
www.audacityte...
For lighting I used 3 x 70 LED photography lights:
amzn.to/3rmhGbC
Video production was done using Cyberlink Power Director 19 Ultimate
amzn.to/3kxw4w1
Hardware used for PfSense
amzn.to/36SjxeF

Пікірлер: 34

@dusanvuckovic9888 3 жыл бұрын

Man you should continue doing this . Its been a while since I watched a tutorial and it worked first time out. Really! . Excellent .

@ethangender 10 ай бұрын

after days and days searching i found you by accident! your explanation its very concrete with no circles and detailed! congratulations!

@homeassistantiptv8068 3 жыл бұрын

Excellent steps and perfect speed, thank you

@RobertSloan 3 жыл бұрын

Glad it was helpful!

@TheIceturk 2 жыл бұрын

hi, ldap + Free Radius on PfSense with two factor authentication for OpenVPN my question is ldap + PfSense with two factor authentication support and method help pls

@compthing5656 7 ай бұрын

better than any other out there. Really!

@djotade 7 ай бұрын

Excellent setup guide working first time. Thank you very much for sharing.

@paulk9532 2 жыл бұрын

"a successful connection requires, an SSL certificate, user name, pin code and one time password" But at 6:50 you disabled the TLS certificate requirement, allowing users to connect without a unique cert, so isn't this just username, pin, and otp code?

@TheCpufixer 2 ай бұрын

How do I prevent clients from disconnecting? Because of the MFA, they can't reconnect without entering a new password? The disconnecting after an hour only started after implementing FreeRadius

@gigilari2376 8 ай бұрын

good morning, Can you implement access via complex password and otp instead of pin+opt? the second solution seems unsafe to me.

@TheCpufixer 3 ай бұрын

Can the Microsoft Authenticator be used instead of Google? Will this work if my users don't want to use an authenticator App? What about the encryption provided by the user certificate? Does that go away since new users are being created without certs?

@slackmoon 4 ай бұрын

Awesome. Thanks a lot! It works well done

@ngocnguyenit 12 күн бұрын

How setup to ldap + otp on pfsense or if free radius+ user can change password+ otp, pls help me🎉🎉

@abdurahimshoyimov9711 24 күн бұрын

Very Good tutorial, thank you very much. You are time sasver

@yogeshmishra5219 2 жыл бұрын

You gave the perfect explanation !!

@TradersTradingEdge 2 жыл бұрын

Excellent, thanks and continue your great explanation videos!

@escuderon 2 жыл бұрын

Hey There, any way to do this same thing but using an Active Directory backend for users instead of freeraduis local DB?

@paulk9532 2 жыл бұрын

FreeRadius supports both LDAP or AD via LDAP if you set some extra options. But the OTP support in FreeRadius is internal can't be tied to another auth provider.

@akramazad5137 3 жыл бұрын

You completely escaped the OpenVPN, I followed your tutorial step by step but doesn’t work it was great if you did it step-by-step

@RobertSloan 3 жыл бұрын

Could you tell me at what point you had the issue. I mentioned in my intro that if you hadn't already setup OpenVPN to refer to my previous video on how to set this up.

@greatsystem1820 2 жыл бұрын

Hi, It's not working for me I have configured the same steps but it is giving me error of TLS handshake failed, could you please help me out to fix this. I need to configure OpenVPN with SAML authentication for my office.

@ngocnguyenit Күн бұрын

how to user can change password?

@heiaheiaheiahei Жыл бұрын

easy to follow and setup , thanks.

@BrianThomas 2 жыл бұрын

Is there a way to configure MFA on the web configuration (GUI) to limit admin access?

@emre-durgut 2 жыл бұрын

How we can disable PIN and login only by using username and Google Authenticator rolling code?

@bsem68 Жыл бұрын

Works great, but is there a way for users to generate their own OTP code?

@woolloomoolooable 11 ай бұрын

Thank you!

@andersnilsson601 Жыл бұрын

Anyone that knows how to keep the VPN connection up for longer than an hour or so? It seems to timeout if not used... I have tried to Custom option "reneg-sec 43200;" in the VPN server section