0
I have followed many guides online including:
I'm setting up openvpn and radius authentication on a pfsense box. All the guides suggest to use PAP authentication. I'm hoping to hear from the community as to whether or not this is secure. Or, is there a better way to do this?
user277244
Posted 2014-07-29T17:32:30.463
Reputation: 251
1
PAP itself is insecure as the passwords are sent unencrypted. If you transfer it through a TLS connection, all data inside it will be encrypted.
The only weak point you have is the communication between your VPN concentrator and your RADIUS server which will obfuscate data with shared secret.
denisvm
Posted 2014-07-29T17:32:30.463
Reputation: 604
Wikipedia says its insecure. – heavyd – 2014-07-29T17:46:30.313
I know pap by itself is unsecure, but we are using certificates and tls authentication and a shared key between openvpn and the radius server. Hence my question – user277244 – 2014-07-29T18:05:25.927