0

I have followed many guides online including:

http://blog.stefcho.eu/?p=545

I'm setting up openvpn and radius authentication on a pfsense box. All the guides suggest to use PAP authentication. I'm hoping to hear from the community as to whether or not this is secure. Or, is there a better way to do this?

user277244
  • 261
  • 2
  • 7
  • 25
  • [Wikipedia](https://en.wikipedia.org/wiki/Password_authentication_protocol) says its insecure. – heavyd Jul 29 '14 at 17:46
  • I know pap by itself is unsecure, but we are using certificates and tls authentication and a shared key between openvpn and the radius server. Hence my question – user277244 Jul 29 '14 at 18:05

1 Answers1

1

PAP itself is insecure as the passwords are sent unencrypted. If you transfer it through a TLS connection, all data inside it will be encrypted.

The only weak point you have is the communication between your VPN concentrator and your RADIUS server which will obfuscate data with shared secret.

denisvm
  • 634
  • 3
  • 8