Can anyone point me to documentation which describes how to configure Mac Server VPN to use multi-factor authentication (via Radius client, or any other means)? I don't see any settings through the Server GUI for this. I'm guessing there are config files somewhere for it but don't know where to start looking.
Mac Pro, OS X El Capitan (10.11.1)
If you mean the VPN server in Server.app then this is a very, very simple and these days very limited VPN server and cannot do this, nor can it do Certificates, nor can it do IPSec or IKEv2. Sadly Apple's own VPN server is these days so limited and so lacking in modern features it is not really suitable for businesses to use and is only adequate for simple home setups. 😟
If you mean configure the VPN client on client Macs via say Profile Manager pushing settings to the client Mac, then it can do this although RADIUS is not listed. (SecurID is listed.)
You will need to use an alternative and more sophisticated VPN server. This could be a software one like StrongSwan5, or one built-in to a hardware device.
Note: It is not possible to bypass the Server.app interface and 'turn on' extra features like this on a Mac server, the features simply do not exist in it.
How to configure Mac Server VPN with MFA?
