I am trying to use Duo Security with their "push" authentication, which can take quite a while. Is there a way to configure how long pfSense waits for a Radius authentication server before assuming failure?
I've setup a Radius authentication server in pfSense to talk to a Duo Authentication Proxy to provide Authentication services. If I use this set up with pass codes generated in advance by Duo Security it all works well, I can authenticate, the VPN connects and traffic flows.
With "push" security I cannot connect. The connection attempt in the client times out before I can complete the push authentication in the Duo client. The logs for the Duo Proxy Authentication record everything was successful, but the time stamps show the complete after the timeout in the VPN client.
I also get the same time out problem if I use Diagnostics->Authentication in pfSense - it reports failure long before I've completed the Duo push authentication. Again the logs for the Duo Authentication Proxy show success.