Setup Radius For Authentication With A pfSense VPN Server

Open the Server Manager, Click on Manage, and choose Add roles and features.

1. Click Next on the “Before you begin” page if you don't skip the page by default.
2. Choose Role-Based or feature-based installation and click on next.
3. Select the server which get the new feature and click on next.
4. Select Network Policy and Access Services to add the features
5. Click on Next.
6. Click on Next.
7. Select Network Policy Server and click on Next
8. Select Restart if needed ( only when it’s possible to restart ) and click on Install.

Create a new group in the Active Directory named VPN and add users to it.

Open the Server Manager, Click on Tools, then click on Network Policy Server.

1. Click right on NPS (Local) and select Register server in Active Directory
2. Click on OK to continue
3. Click on OK
4. Click on Radius Clients and Servers > Radius Clients (right click) > New
5. Add a device with a shared key to connect. And Click on OK
6. Click on Policies > Network Policies (right click) > New
7. Name the Policy “VPN Access” and click on Next
8. Add a new Condition > Select Windows Groups > click on Add
9. Select the Windows group or groups and click on OK
10. Click on Next
11. Select Access Granted and click on Next
12. On “Configure Authentication Methods”, click on Next.
13. On “Configure Constraints”, click Next.
14. On “Configure Settings”, click Next.
15. Click on finish

Then go to the pfSense VPN Setup.