Mikrotik Ovpn with RADIUS

Smoke

3/19/24, 4:33 PM

I need to setup OpenVPN server on a Mikrotik router. The authentication for the clients needs to be done by a Windows RADIUS server.

My problem is that the Mikrotik uses the unencryptrd PAP protocol to comunicate with the RADIUS server when authenticating on behalf of the Ovpn server. It works but is insecure. Meanwhile, for the L2TP server the Mikrotik uses encrypted protocols.

I enabled the PAP on the RADIUS server and it works. Sure, I can create a VPN between the server and the Mikrotik to secure the communication. I want to find out if there is a way to force the Mikrotik to use a secure protocol for the Ovpn as it does for the L2TP?

454

1 + 0

openvpn

mikrotik

radius

Score:0

Server

Hawshemi

3/19/24, 7:34 PM

One option is to use MS-CHAPv2 instead of PAP.

Go to the "PPP" section and click on "Profiles". Edit the profile. change the "Authentication" setting to "MSCHAP2". On the Windows RADIUS server, make sure that MS-CHAPv2 is enabled.

+ 1

Smoke

3/22/24, 8:30 PM

I don't see the "Authentication" option in the profile. I have "PPP Authentication&Accounting" in the "Secrets" section, but I can't choose a protocol from there.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Mikrotik Ovpn with RADIUS

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.