How to setup 2FA for pfSense WebGUI
To set up OTP, you will need an Authenticator app. We have tested and confirmed that the Google Authenticator app will work with pfSense / FreeRADIUS.
Set up 2FA access
Login to the pfSense firewall using your credentials for the user "admin"
Navigate to Services -> FreeRADIUS
3. Edit the user "customer"
Change the OTP Pin to a unique 4-6 digit number (do not keep the default PIN).
Click "Generate QR Code" and scan the QR code using Google Authenticator (This will be used to generate your OTP).
Click "Save"
6. Log out
Testing 2FA Login
Log in with the username "customer"
Your password is the OTP PIN + the OTP generated by Google Authenticator.
Example:
If you set your OTP Pin to 123456, and Google Authenticator is currently displaying the number 777777, your password would be 123456777777
Disable the default user
This user does not have 2FA enabled, so you'll likely want to disable it.
System -> User Manager
Admin / Edit
Tick the box "This user cannot login"
Click "Save"