RADIUS use-case scenarios
In this section, we'll look at several device types and the various authentication options and requirements those devices might have, and explore how we can address them all using RADIUS. Let's start with a VPN gateway, using standard user ID and password authentication (don't worry—we won't leave it like that).
VPN authentication using user ID and password
Authentication to VPN services (or, before that, dial-up services) is the reason most organizations deployed RADIUS in the first place. As time has marched on, however, a single-factor user ID and password login is no longer a safe option for any public-facing service. We'll cover the user ID and password configuration in this section, but we'll update it to a more modern approach when we get to our section on MFA.
First, add your VPN gateway (usually your firewall) as a client for RADIUS—add it to your /etc/freeradius/3.0/clients.conf file, like this:
client hqfw01 { ipaddr...