I have followed many guides online including:
I'm setting up openvpn and radius authentication on a pfsense box. All the guides suggest to use PAP authentication. I'm hoping to hear from the community as to whether or not this is secure. Or, is there a better way to do this?
PAP itself is insecure as the passwords are sent unencrypted. If you transfer it through a TLS connection, all data inside it will be encrypted.
The only weak point you have is the communication between your VPN concentrator and your RADIUS server which will obfuscate data with shared secret.
