Windows 2012 R2 NPS-Radius with Pfsense OpenVPN

I got a project recently to deploy a Windows 2012 R2 NPS server with wireless authentication, and I decided to spend some time studying Windows 2012 R2 NPS in more detail.

Scenario #1 – NPS – RADIUS (Username & Password Authentication) with pfSense OpenVPN

Please refer to the following high-level steps for configuring Windows 2012 R2 NPS-RADIUS

  1. Create an AD group for VPN users
  2. Enable the NPS-RADIUS features
  3. Register the RADIUS server in AD
  4. Create a RADIUS client with a shared secret key
  5. Create a new Network Policy with processing order = 1 and only allow users in the VPN Group to log in
  6. Accounting & Logging features in NPS-RADIUS

Add a new policy under “Network Policies” with Processing Order “1” and specify the VPN Group as a condition, so that only users in the VPN Group are allowed to log in via OpenVPN

** Leave other setting as default for this lab


Accounting & Logging in NPS

  1. Go to “Accounting” and select “Log to a text file on the local computer” – I will test the SQL Server database in my next lab soon


  1. Please uncheck “If logging failed, discard connection requests” – if it is enabled, users will not be able to log in when logging fails. Please go to C:\Windows\System32\LogFiles\ to have a look at the detailed log files generated


Please download IAS Viewer or NPS Log Monitor (trial version) if you would like to view the log files easily, as the default log file is a bit hard to read
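The text log under C:\Windows\System32\LogFiles\ can also be summarized with a short script instead of a viewer. The following is an added example, not part of the original post: it assumes the NPS log format is set to "DTS Compliant" (one XML Event record per line) and that the User-Name, NP-Policy-Name and Packet-Type fields are present; the policy name "VPN Users" and all sample records are constructed.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# RADIUS packet-type codes as they appear in the Packet-Type field.
PACKET_TYPES = {"1": "Access-Request", "2": "Access-Accept", "3": "Access-Reject"}

def sample_event(user, ptype, policy):
    """Build one constructed DTS-style record (assumed field names)."""
    return (f'<Event><Timestamp data_type="4">01/15/2016 09:12:01.100</Timestamp>'
            f'<User-Name data_type="1">{user}</User-Name>'
            f'<Client-IP-Address data_type="3">192.0.2.1</Client-IP-Address>'
            f'<NP-Policy-Name data_type="1">{policy}</NP-Policy-Name>'
            f'<Packet-Type data_type="0">{ptype}</Packet-Type></Event>')

# Constructed sample log, not real data. "VPN Users" is a hypothetical policy name.
SAMPLE_LOG = "\n".join([
    sample_event("alice", 1, ""),
    sample_event("alice", 2, "VPN Users"),
    sample_event("bob", 1, ""),
    sample_event("bob", 3, "Connection to other access servers"),
    sample_event("BOB", 3, "Connection to other access servers"),
    '<Event><Timestamp data_type="4">01/15',  # truncated record, must be skipped
])

def parse_events(text):
    """Yield one dict per well-formed <Event> line; skip blank or truncated lines."""
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("<Event>"):
            continue
        try:
            root = ET.fromstring(line)
        except ET.ParseError:
            continue  # record was only partially written
        yield {child.tag: (child.text or "") for child in root}

def summarize(text):
    """Return (accepts by user, rejects by (user, matching policy))."""
    accepts, rejects = Counter(), Counter()
    for ev in parse_events(text):
        kind = PACKET_TYPES.get(ev.get("Packet-Type", ""))
        user = ev.get("User-Name", "?").lower()  # user names are case-insensitive
        if kind == "Access-Accept":
            accepts[user] += 1
        elif kind == "Access-Reject":
            rejects[(user, ev.get("NP-Policy-Name", ""))] += 1
    return accepts, rejects

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Grouping rejects by policy name makes it easy to tell users who fell through to the default deny policy from other failures.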


  1. Filter on event IDs 6272, 6273 and 6278 to focus only on events generated by Network Policy Server


If the user is not in the VPN Group, he / she will be denied login by the default “Connection to other access servers” policy

Configuration of OpenVPN on pfSense 2.2.6

Please refer to the following steps, with which I successfully deployed OpenVPN on my pfSense 2.2.6 by following the reference links below

  1. Set up the Authentication Server – select RADIUS and point it to the NPS server with the shared secret key provided
  2. Create the Certificate Authority, Server Certificate, User Certificate and Certificate Revocation List
  3. Setup OpenVPN Server, Configure the Firewall and Install OpenVPN Client Export Utility
  4. Prepare the Windows Package and install OpenVPN Client on Windows 10
  5. Connecting to OpenVPN from my Windows 10 machine successfully

Reference links on how to configure OpenVPN in pfSense

  1. https://vorkbaard.nl/set-up-openvpn-on-pfsense-for-windows-clients-with-certificates-and-user-authentication-via-active-directory-radius/
  2. https://forum.pfsense.org/index.php/topic,42940.0.html

 
