diff --git a/src/opnsense/mvc/app/library/OPNsense/Auth/Radius.php b/src/opnsense/mvc/app/library/OPNsense/Auth/Radius.php
index 25f5edebd6f..041d8bcfb71 100644
--- a/src/opnsense/mvc/app/library/OPNsense/Auth/Radius.php
+++ b/src/opnsense/mvc/app/library/OPNsense/Auth/Radius.php
@@ -27,6 +27,7 @@
 */
 namespace OPNsense\Auth;
+require_once("interfaces.inc");
 /**
 * Class Radius connector
@@ -69,6 +70,11 @@ class Radius extends Base implements IAuthConnector
 */
 private $callingStationId = null;
+ /**
+ * @var string ip addess to use for NAS-IP-Address attribute
+ */
+ private $nasIpAddress = null;
+
 /**
 * @var int timeout to use
 */
@@ -165,6 +171,7 @@ public function setProperties($config)
 'radius_acct_port' => 'acctPort',
 'radius_protocol' => 'protocol',
 'radius_stationid' => 'calledStationId',
+ 'radius_nasipaddress' => 'nasIpAddress',
 'refid' => 'nasIdentifier'
 );
@@ -210,6 +217,31 @@ public function getConfigurationOptions()
 return [];
 }
 };
+
+ $options['radius_nasipaddress'] = [];
+ $options['radius_nasipaddress']['name'] = gettext('NAS IP address');
+ $options['radius_nasipaddress']['type'] = 'dropdown';
+ $options['radius_nasipaddress']['default'] = '';
+ $options['radius_nasipaddress']['options'] = [null => ''];
+ $interfaces = get_configured_interface_with_descr();
+
+ // Create options list using interface IPs
+ foreach($interfaces as $if => $descr) {
+ $ip = get_interface_ip($if);
+ $options['radius_nasipaddress']['options'] += [$ip => "$descr - $ip"];
+ }
+
+ $options['radius_nasipaddress']['validate'] = function ($value) {
+ $interfaces = get_configured_interface_with_descr();
+ $ips = [];
+ foreach($interfaces as $if => $descr)
+ $ips[] = get_interface_ip($if);
+ if(!empty($value) && !in_array($value, $ips)) {
+ return [gettext('Invalid address specified')];
+ } else {
+ return [];
+ }
+ };
 return $options;
 }
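Review bot: The file-level `require_once("interfaces.inc");` after the namespace line makes every load of this authenticator class pull in the legacy interface code, although within this diff its functions appear to be used only in getConfigurationOptions(). Moving the include into that method, as `require_once 'interfaces.inc';` on its first line, would keep the login path free of code it does not need and keep the class file free of load-time side effects. Which functions interfaces.inc provides is not visible here, so confirm that it is the file supplying get_configured_interface_with_descr() and get_interface_ip().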
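Review bot: The docblock added for `$nasIpAddress` misspells "address" and declares `string` although the property is initialised to null. Suggested wording: `@var string|null address sent as NAS-IP-Address, attribute omitted when empty`.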
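Review bot: The loop that fills the NAS IP dropdown adds an entry for every configured interface without checking that `get_interface_ip($if)` returned an address, and the validator then compares with a loose `in_array($value, $ips)`. If that helper returns an empty value for an interface with no IPv4 address (its definition is not visible here), the key collides with the blank entry and the allow-list ends up containing a null. Building the address list once, skipping empty results, and reusing it for both the options and a strict membership check also removes the duplicated enumeration; the new `foreach(` and `if(` lines additionally lack the space and braces used elsewhere in the file. The accepted value is tied to the addresses present when the form is saved, so a later address change would presumably leave a stale NAS-IP-Address in the configuration. getConfigurationOptions() starts outside the hunk.

```php
// … unchanged: name / type / default entries for radius_nasipaddress …
$addresses = [];
foreach (get_configured_interface_with_descr() as $if => $descr) {
    $ip = get_interface_ip($if);
    if (!empty($ip)) {
        // only interfaces that currently have an address are selectable
        $addresses[$ip] = "$descr - $ip";
    }
}
$options['radius_nasipaddress']['options'] = ['' => ''] + $addresses;
$options['radius_nasipaddress']['validate'] = function ($value) use ($addresses) {
    if (!empty($value) && !array_key_exists($value, $addresses)) {
        return [gettext('Invalid address specified')];
    }
    return [];
};
return $options;
```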
@@ -501,18 +533,18 @@ public function authenticate($username, $password)
 $error = radius_strerror($radius);
 } elseif (!radius_put_int($radius, RADIUS_SERVICE_TYPE, RADIUS_LOGIN)) {
 $error = radius_strerror($radius);
- } elseif (!radius_put_int($radius, RADIUS_FRAMED_PROTOCOL, RADIUS_ETHERNET)) {
- $error = radius_strerror($radius);
 } elseif (!radius_put_string($radius, RADIUS_NAS_IDENTIFIER, $this->nasIdentifier)) {
 $error = radius_strerror($radius);
 } elseif (!radius_put_int($radius, RADIUS_NAS_PORT, 0)) {
 $error = radius_strerror($radius);
- } elseif (!radius_put_int($radius, RADIUS_NAS_PORT_TYPE, RADIUS_ETHERNET)) {
+ } elseif (!radius_put_int($radius, RADIUS_NAS_PORT_TYPE, RADIUS_VIRTUAL)) {
 $error = radius_strerror($radius);
 } elseif (!empty($this->calledStationId) && !radius_put_string($radius, RADIUS_CALLED_STATION_ID, $this->calledStationId)) {
 $error = radius_strerror($radius);
 } elseif (!empty($this->callingStationId) && !radius_put_string($radius, RADIUS_CALLING_STATION_ID, $this->callingStationId)) {
 $error = radius_strerror($radius);
+ } elseif (!empty($this->nasIpAddress) && !radius_put_addr($radius, RADIUS_NAS_IP_ADDRESS, $this->nasIpAddress)) {
+ $error = radius_stderror($radius);
 } else {
 // Implement extra protocols in this section.
 switch ($this->protocol) {
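Review bot: The new NAS-IP-Address branch assigns `$error = radius_stderror($radius);`, while every other branch in this chain calls `radius_strerror()`. The misspelled name is presumably undefined, so a failing `radius_put_addr()` would end the login attempt with a fatal "call to undefined function" error instead of a logged RADIUS error. Change the line to `$error = radius_strerror($radius);`. The same hunk also switches NAS-Port-Type to `RADIUS_VIRTUAL` and drops Framed-Protocol, which is unrelated to the new option and may change how RADIUS server policies matching on those attributes treat existing deployments, so it deserves a mention in the commit message. authenticate() starts and ends outside the hunk.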