RADIUS (Remote Authentication Dial In User Service) is an Internet standard defined in RFC 2865. Internet service providers use RADIUS to authenticate dial-in users. Free performance testing tools are available as well as free trials for paid platforms. Most testing tools are priced according to the number of virtual users available for a testing scenario. Additionally testing legacy systems or varied and sophisticated systems can increase cost.
Important
Netgate is offering COVID-19 aid for pfSense software users, learn more.
Testing the FreeRADIUS Package ona pfSense® firewall.
Test Configuration¶
At a minimum, testing FreeRADIUS requires A User, an Interface, and aNAS/Client.
Add a User with the following configuration:
- Username
testuser- Password
testpassword
Add a Client/NAS with the following configuration:
- IP Address
127.0.0.1- Shared Secret
testing123
Add an Interface with the following configuration:
- IP Address
127.0.0.1- Interface Type
Auth
- Port
1812
GUI Test¶
The easiest way to test is by using Diagnostics > Authentication in the GUI.
First, add a RADIUS server entry to the user manager as described inAuthentication Servers.
Navigate to System > User Manager, Authentication Servers tab
Fill in the settings to match the entry in FreeRADIUS:
- Descriptive Name
FreeRADIUS- Type
RADIUS
- Hostname or IP Address
127.0.0.1- Shared Secret
testing123- Services Offered
Authentication
- Authentication Port
1812
Click Save
Radius Client Software
Next, perform the GUI test:
Navigate to Diagnostics > Authentication
Set Authentication Server to the RADIUS server in the user manager
Fill in the Username and Password
Click Test
If the test succeeds, the GUI prints a success message:
The system log will also contain a message indicating a successful login:
Netgate is offering COVID-19 aid for pfSense software users, learn more.
Testing the FreeRADIUS Package ona pfSense® firewall.
Test Configuration¶
At a minimum, testing FreeRADIUS requires A User, an Interface, and aNAS/Client.
Add a User with the following configuration:
- Username
testuser- Password
testpassword
Add a Client/NAS with the following configuration:
- IP Address
127.0.0.1- Shared Secret
testing123
Add an Interface with the following configuration:
- IP Address
127.0.0.1- Interface Type
Auth
- Port
1812
GUI Test¶
The easiest way to test is by using Diagnostics > Authentication in the GUI.
First, add a RADIUS server entry to the user manager as described inAuthentication Servers.
Navigate to System > User Manager, Authentication Servers tab
Fill in the settings to match the entry in FreeRADIUS:
- Descriptive Name
FreeRADIUS- Type
RADIUS
- Hostname or IP Address
127.0.0.1- Shared Secret
testing123- Services Offered
Authentication
- Authentication Port
1812
Click Save
Radius Client Software
Next, perform the GUI test:
Navigate to Diagnostics > Authentication
Set Authentication Server to the RADIUS server in the user manager
Fill in the Username and Password
Click Test
If the test succeeds, the GUI prints a success message:
The system log will also contain a message indicating a successful login:
If the test fails, the GUI prints a failure message:
Authentication failed.
The system log will also contain a message indicating failure:
CLI Test¶
FreeRADIUS offers an easy to use command line tool to check if the server isrunning and listening to incoming requests.
SSH to the firewall, start a shell, and type in the following command:
The following output will appear if the test succeeds:
The Access-Accept portion of the output is the most relevant.
Free Radius Mapping Tool
Check the system log for the following output:
If a part of the test fails, such as incorrect username, then the test commandoutput will look like the following:
Test Radius Powershell
The Accesss-Reject packet indicates that the server rejected the attempt,and the system log will contain the following output:
