Proxy PAP authentication and encapsulate it as EAP-TTLS
Idan Sheinberg
ishinberg0 at gmail.com
Sat Aug 21 21:48:28 CEST 2021
Hi
We are trying to integrate with JumpCloud's RADIUS services in to order to
provide MFA/2FA integration for OpenVPN services
Our RADIUS client is a PfSense appliance on AWS that doesn't support
EAP-TTLS. Due to the need to support OTP, we are limited to the PAP protocol
What we're interested in doing is setting an intermediary FreeRadius proxy
in between, that'll accept PAP authentication request from our local
appliance and proxy them to the remote endpoint encapsulated in EAP-TTLS
requests (we have the remote endpoint server certificate):
+----------------------+ +----------------------+
+-----------------------------+
| | |
| | |
| PfSense VPN | PAP | FreeRADIUS | EAP-TTLS/PAP |
JumpCloud RADIUS |
| +---------------->
+-------------------------> |
| Appliance | | Proxy |
| Server |
| | |
| | |
+----------------------+ +----------------------+
+-----------------------------+
I've successfully got standard PAP proxying working, but I have no clue as
to how to get EAP-TTLS encapsulation working
1) Is such proxying setup even possible?
2) If so, could anyone please provide me with some general guidelines as to
how to get such setup working?
10x
--
Best Regards
Idan Sheinberg
Professional Coder
More information about the Freeradius-Users
mailing list