VPN / IPsec / Mobile Clients

[q2956]

The Mobile Client IPsec configuration does not work correctly with EAP-RADIUS

Following the manual: https://docs.opnsense.org/manual/how-tos/ipsec-rw-srv-eapradius.html

The Setup does not work with Microsoft NPS (Network Policy Server), because the user password is not being correctly transported to the NPS service.

it seems, the NTLM_AUTH module is missing for this functionality. (mschap: FAILED: No NT-Password. Cannot perform authentication)

If the password is sent correctly to MS NPS, the described functionality in the manual should work properly.

The alternative with local authentication EAP-MSCHAPv2 works fine, all users must be configured on the firewall locally. https://docs.opnsense.org/manual/how-tos/ipsec-rw-srv-mschapv2.html

OPNsense 22.1.4_1-amd64 FreeBSD 13.0-STABLE OpenSSL 1.1.1n 15 Mar 2022 Deciso DEC750

[OPNsense-bot]

Thank you for creating an issue. Since the ticket doesn't seem to be using one of our templates, we're marking this issue as low priority until further notice.

For more information about the policies for this repository, please read https://github.com/opnsense/core/blob/master/CONTRIBUTING.md for further details.

The easiest option to gain traction is to close this ticket and open a new one using one of our templates.

[OPNsense-bot]

This issue has been automatically timed-out (after 180 days of inactivity).

For more information about the policies for this repository, please read https://github.com/opnsense/core/blob/master/CONTRIBUTING.md for further details.

If someone wants to step up and work on this issue, just let us know, so we can reopen the issue and assign an owner to it.