A while ago I wrote an article on using pfSense with Windows IAS to authenticate VPN clients. I’m now moving over to Server 2008 R2, which no longer supports IAS but instead supports Network Policy Server (NPS).
There is a nice guide here on how to install Network Policy Server, but basically all you have to do is go to Server Manager, choose Add Roles and add the Network Policy Server.
Once that’s installed, you can configure it in much the same way as IAS.
Navigate to: Server Manager > Roles > Network Policy and Access Services > NPS (Local) > RADIUS Clients and Servers


Then configure a new RADIUS client with the following details:
Friendly Name: PFSense
IP Address: x.x.x.x (Local IP Address of your PFSense box)
Shared secret: Whatever you specify on the PFSense box
Leave the rest as default settings and OK it.
Next, add a new network policy; I called it PFSense. Select Remote Access Server (VPN-Dial up) as the type of network access server. In the conditions I added the group “Remote Access VPN” (this is so I can easily control who has dial-in access) and NAS Port Type = VPN, then selected Grant access.
Under EAP types, leave the default authentication methods selected. I also added a 60-minute idle timeout, and that was it.

All that’s left to do is to change the IP on the pfSense box and you’re away. That’s the last role I had on my 2K3 boxes, so it can now be shut down for the last time.
You can then connect in remotely as before.
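
To check the RADIUS client entry and shared secret before VPN users depend on the new server, a probe like the one below can be run from the machine whose IP is registered as the RADIUS client. It is an added example, not part of the original article: it sends a single PAP Access-Request per RFC 2865 and verifies the Response Authenticator, so a reply that verifies (accept or reject) shows the shared secret matches. The addresses, secret and credentials are placeholders.

```python
import hashlib, hmac, os, socket, struct

def _attr(kind: int, value: bytes) -> bytes:
    return bytes([kind, len(value) + 2]) + value

def pap_hide(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """Hide User-Password as RFC 2865 section 5.2 describes."""
    size = max(16, -(-len(password) // 16) * 16)
    padded, out, prev = password.ljust(size, b"\0"), b"", req_auth
    for i in range(0, size, 16):
        pad = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], pad))
        out += prev
    return out

def build_access_request(user, password, secret, nas_ip, ident, req_auth):
    attrs = (_attr(1, user.encode())                                    # User-Name
             + _attr(2, pap_hide(password.encode(), secret, req_auth))  # User-Password
             + _attr(4, socket.inet_aton(nas_ip))                       # NAS-IP-Address
             + _attr(61, struct.pack("!I", 5)))                         # NAS-Port-Type = Virtual (VPN)
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + req_auth + attrs

def reply_is_authentic(reply, ident, req_auth, secret):
    """True if the Response Authenticator proves the server holds `secret`."""
    if len(reply) < 20:
        return False
    code, rid, length = struct.unpack("!BBH", reply[:4])
    if rid != ident or not 20 <= length <= len(reply):
        return False
    want = hashlib.md5(reply[:4] + req_auth + reply[20:length] + secret).digest()
    return hmac.compare_digest(want, reply[4:20])

def probe(server, secret, user, password, nas_ip, timeout=3.0):
    """Send one request to UDP 1812; returns (reply code, authentic?)."""
    ident, req_auth = os.urandom(1)[0], os.urandom(16)
    packet = build_access_request(user, password, secret, nas_ip, ident, req_auth)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)  # a timeout here: unregistered client IP or blocked port
        sock.sendto(packet, (server, 1812))
        reply, _ = sock.recvfrom(4096)
    return reply[0], reply_is_authentic(reply, ident, req_auth, secret)

if __name__ == "__main__":
    # Placeholder documentation addresses and credentials; replace with your own.
    print(probe("192.0.2.10", b"shared-secret", "vpnuser", "password", "192.0.2.1"))
```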
