- Log in to the pfSense admin portal
- Go to "System" -> "Package Manager"
- Go to "Available Packages"
- Install the latest version of "freeradius" and "openvpn-client-export"
- Go to "Services" -> "FreeRADIUS" -> "Interfaces" -> "Add"
- Don't change the defaults and save
- Go to "Services" -> "FreeRADIUS" -> "NAS / Clients" -> "Add"
- Enter the following information
  - Client IP Address = 127.0.0.1
  - Client Shortname = Pfsense
  - Client Shared Secret = <Create a shared secret>
For the rest of the settings, leave them as is.
- Go to "VPN" -> "OpenVPN" -> "Wizard"
- For the server type choose "RADIUS" and click "Next"
- For the "RADIUS Authentication Server Parameters" enter the following
  - Name = Pfsense
  - Hostname or IP address = 127.0.0.1
  - Authentication Port = 1812
  - Shared Secret = <Client Shared Secret>
Click "Next"
- For CA choose "FreeRADIUS CA" and click "Next"
- For Certificate choose "FreeRADIUS" Server Certificate and click "Next"
- Enter the following
  - Endpoint configuration
    - Protocol = UDP on IPv4 only
    - Interface = WAN
    - Local Port = 1194
  - Cryptographic Settings
    - Leave as is
  - Tunnel Settings
    - IPv4 Tunnel Network = 10.0.8.0/24
    - Redirect IPv4 Gateway = Disable
    - IPv4 Local Network = <The local LAN Subnet>
    - Leave the rest of the settings as is
  - Client Settings
    - Leave as is
  - Advanced Clients Setting
    - DNS Default Domain = <AD domain>
    - DNS Server 1 = <DC IP>
    - Enter more DNS / NTP servers as you see fit.
    - Leave the rest as is
- Enable the creation of "Firewall rule and OpenVPN rule" and click "Next"
- Click "Finish"
To check your new SSL VPN, create a user and try to log in.
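
If the VPN login fails, it helps to test the RADIUS leg (127.0.0.1:1812 with the Client Shared Secret) separately from OpenVPN. The script below is an added example, not part of the original guide or of pfSense: it sends a PAP Access-Request built per RFC 2865 and checks the reply's Response Authenticator. It assumes a Python 3 interpreter on a host registered under "NAS / Clients" (with the settings above, the firewall itself); all function names are illustrative.

```python
import hashlib, hmac, os, socket, struct

def hide_password(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    size = max(16, -(-len(password) // 16) * 16)   # pad to a multiple of 16
    padded = password.ljust(size, b"\x00")
    out, prev = b"", req_auth
    for i in range(0, size, 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out += prev
    return out

def attr(code: int, value: bytes) -> bytes:
    return bytes([code, len(value) + 2]) + value

def build_access_request(user, password, secret, ident=1, req_auth=None):
    """Access-Request with User-Name, User-Password and Message-Authenticator."""
    req_auth = req_auth or os.urandom(16)
    attrs = (attr(1, user) + attr(2, hide_password(password, secret, req_auth))
             + attr(80, b"\x00" * 16))              # MAC field zeroed while signing
    header = struct.pack("!BBH", 1, ident, 20 + len(attrs)) + req_auth
    mac = hmac.new(secret, header + attrs, hashlib.md5).digest()
    return header + attrs[:-16] + mac, req_auth

def reply_is_authentic(reply: bytes, req_auth: bytes, secret: bytes) -> bool:
    """Response Authenticator = MD5(code+id+length + request auth + attrs + secret)."""
    expected = hashlib.md5(reply[:4] + req_auth + reply[20:] + secret).digest()
    return len(reply) >= 20 and hmac.compare_digest(expected, reply[4:20])

def check_login(user, password, secret, host="127.0.0.1", port=1812, timeout=3.0):
    """True on Access-Accept, False on reject; raises on timeout or a bad reply."""
    packet, req_auth = build_access_request(user, password, secret)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(packet, (host, port))
        reply, _ = sock.recvfrom(4096)
    if not reply_is_authentic(reply, req_auth, secret):
        raise ValueError("reply failed authenticator check: shared secret mismatch?")
    return reply[0] == 2                            # 2 = Access-Accept, 3 = Access-Reject

if __name__ == "__main__":
    import getpass
    ok = check_login(input("user: ").encode(), getpass.getpass().encode(),
                     getpass.getpass("shared secret: ").encode())
    print("Access-Accept" if ok else "Access-Reject")
```

A timeout rather than a reject usually means the server dropped the packet, for example because the sending address is not a configured client or the shared secret does not match.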