[Radiusplugin-users] Setup Help - £50 Donation on offer.


From: Neville Collins
Subject: [Radiusplugin-users] Setup Help - £50 Donation on offer.
Date: Sun, 29 Jan 2012 11:23:34 +0000
User-agent: Microsoft-MacOutlook/14.14.0.111121

Hi All,

This is my first posting to this list as a Newbie and I'm respectfully requesting some help for a small donation of £50.

There are so many hits on Google for this, but I'm just not sure which one I should follow as none that I find seem complete.

I just cannot get this working.

Currently I have no issues with FreeRadius/MySQL as I've got friends authenticating using either PPTP or L2TP through POPTOP without issues and all accounting records are being sent back to the radius server, I just cannot get the OpenVPN setup working, which would be GREAT….

I'm looking to authenticate all users via Radius Username / Password and not having to give each client a Certificate, just the ca.crt to each client.

I have OpenVPN 2.2.2 installed, compiled from source to an RPM and installed.
I have RadiusPlugin v2.1a-beta1, compiled and installed.

# service start openvpn gives me a [FAILED] error, but there are 3 processes running.

ps -ef | grep openvpn

root      6053     1  0 11:05 pts/33   00:00:00 /usr/sbin/openvpn --daemon --writepid /var/run/openvpn/server.pid --config server.conf --cd /etc/openvpn
root      6054     1  0 11:05 pts/33   00:00:00 /usr/sbin/openvpn --daemon --writepid /var/run/openvpn/server.pid --config server.conf --cd /etc/openvpn
nobody    6060     1  0 11:05 ?        00:00:00 /usr/sbin/openvpn --daemon --writepid /var/run/openvpn/server.pid --config server.conf --cd /etc/openvpn

/var/log/openvpn.log

Sun Jan 29 11:05:40 2012 OpenVPN 2.2.2 x86_64-redhat-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] built on Jan 29 2012
Sun Jan 29 11:05:40 2012 Sorry, 'Auth' password cannot be read from a file
Sun Jan 29 11:05:40 2012 Exiting

/var/log/openvpn/radiusvpn.log

Sun Jan 29 11:05:40 2012 OpenVPN 2.2.2 x86_64-redhat-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] built on Jan 29 2012
Sun Jan 29 11:05:40 2012 MANAGEMENT: TCP Socket listening on 127.0.0.1:7505
Sun Jan 29 11:05:40 2012 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Sun Jan 29 11:05:40 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sun Jan 29 11:05:40 2012 RADIUS-PLUGIN: Configfile name: /etc/openvpn/radiusplugin.cnf.
Sun Jan 29 11:05:40 2012 PLUGIN_INIT: POST /etc/openvpn/radiusplugin.so '[/etc/openvpn/radiusplugin.so] [/etc/openvpn/radiusplugin.cnf]' intercepted=PLUGIN_AUTH_USER_PASS_VERIFY|PLUGIN_CLIENT_CONNECT|PLUGIN_CLIENT_DISCONNECT
Sun Jan 29 11:05:40 2012 Diffie-Hellman initialized with 1024 bit key
Sun Jan 29 11:05:40 2012 TLS-Auth MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sun Jan 29 11:05:40 2012 Socket Buffers: R=[129024->131072] S=[129024->131072]
Sun Jan 29 11:05:40 2012 ROUTE default_gateway=109.123.99.129
Sun Jan 29 11:05:40 2012 TUN/TAP device tun0 opened
Sun Jan 29 11:05:40 2012 TUN/TAP TX queue length set to 100
Sun Jan 29 11:05:40 2012 /sbin/ifconfig tun0 10.10.0.1 pointopoint 10.10.0.2 mtu 1500
Sun Jan 29 11:05:40 2012 /sbin/route add -net 10.10.0.0 netmask 255.255.255.0 gw 10.10.0.2
Sun Jan 29 11:05:40 2012 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Sun Jan 29 11:05:40 2012 GID set to nogroup
Sun Jan 29 11:05:40 2012 UID set to nobody
Sun Jan 29 11:05:40 2012 UDPv4 link local (bound): [undef]:1194
Sun Jan 29 11:05:40 2012 UDPv4 link remote: [undef]
Sun Jan 29 11:05:40 2012 MULTI: multi_init called, r=256 v=256
Sun Jan 29 11:05:40 2012 IFCONFIG POOL: base=10.10.0.4 size=62
Sun Jan 29 11:05:40 2012 Initialization Sequence Completed

/var/log/openvpn/status.log

OpenVPN CLIENT LIST
Updated,Sun Jan 29 11:12:20 2012
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
GLOBAL STATS
Max bcast/mcast queue length,0
END

/etc/openvpn/server.conf

# Which device
dev tun
fast-io

user nobody
group nogroup
persist-tun
persist-key

server 10.10.0.0 255.255.255.0
management 127.0.0.1 7505
float

username-as-common-name
client-config-dir ccd
client-to-client

push "redirect-gateway def1"
push "dhcp-option NTP 10.10.0.1"
push "dhcp-option DOMAIN lan"
push "dhcp-option DNS 10.10.0.1"

ping-timer-rem
keepalive 10 60

# Use compression
comp-lzo

# Strong encryption
;tls-server
;tls-auth ssl/ta.key 0
dh ssl/dh1024.pem
cert ssl/server.crt
key ssl/server.key
ca ssl/ca.crt

plugin /etc/openvpn/radiusplugin.so /etc/openvpn/radiusplugin.cnf

verb 3
mute 10

status /var/log/openvpn/status.log 1
log /var/log/openvpn/radiusvpn.log


/etc/openvpn/client.conf

# Which device
dev tun
fast-io

persist-key
persist-tun
replay-persist radiusvpn.d/cur-replay-protection.cache

# Our remote peer
nobind
remote <HIER_REMOTE_ADRESSE_DES_OPENVPN_SERVERS> 1194

pull

# Use compression
comp-lzo

# Strong encryption
tls-client
tls-remote server
ns-cert-type server
tls-auth ssl/ta.key 1
cert ssl/common.crt
key ssl/common.key
ca ssl/ca.crt

verb 3
mute 10

auth-user-pass radiusvpn.d/auth-user-pass.conf

up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf


/etc/openvpn/radiusplugin.cnf

NAS-Identifier=OpenVpn
Service-Type=5
Framed-Protocol=1
NAS-Port-Type=5
NAS-IP-Address=XX.XX.XX.XX
OpenVPNConfig=/etc/openvpn/server.conf
subnet=255.255.255.0
overwriteccfiles=true
nonfatalaccounting=false
server
{
        # The UDP port for radius accounting.
        acctport=1813
        # The UDP port for radius authentication.
        authport=1812
        # The name or ip address of the radius server.
        name=XX.XX.XX.XX
        # How many times should the plugin send the if there is no response?
        retry=1
        # How long should the plugin wait for a response?
        wait=1
        # The shared secret.
        sharedsecret=XXXXXXXX
}


The file /etc/openvpn/radiusvpn.d/auth-user-pass.conf is Empty.

Anyone that is able to provide me with a quick solution to this today, as I only get to test this over the weekends, I would happily donate £50 to their PayPal account just to get this working as I'm sure this is just a configuration issue with the relevant config files.

Thanks to anyone that responds with a solution.

Nev
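
Added example, not part of the original post and not code from the radiusplugin or OpenVPN projects: a small Python check that reads the two posted OpenVPN configs and lists settings that conflict with password-only RADIUS login or with each other. The embedded excerpts are constructed from the configs quoted above; the function names and the 2048-bit DH threshold are assumptions of this example.

```python
import re

# Constructed excerpts of the server.conf and client.conf quoted in the post.
SERVER_CONF = """\
;tls-auth ssl/ta.key 0
dh ssl/dh1024.pem
plugin /etc/openvpn/radiusplugin.so /etc/openvpn/radiusplugin.cnf
"""
CLIENT_CONF = """\
tls-auth ssl/ta.key 1
cert ssl/common.crt
key ssl/common.key
auth-user-pass radiusvpn.d/auth-user-pass.conf
"""

def directives(text):
    """Return {directive: [args]} for active lines; '#' and ';' start comments."""
    found = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#;":
            name, *args = line.split()
            found[name] = args
    return found

def lint(server_text, client_text):
    """List mismatches that matter for username/password-only RADIUS login."""
    s, c = directives(server_text), directives(client_text)
    findings = []
    # Without this directive the server still demands a per-client certificate
    # (OpenVPN 2.4+ spells it 'verify-client-cert none').
    if "client-cert-not-required" not in s and s.get("verify-client-cert") != ["none"]:
        findings.append("server requires client certificates")
    # tls-auth must be enabled on both peers or on neither.
    if ("tls-auth" in s) != ("tls-auth" in c):
        findings.append("tls-auth enabled on one side only")
    # A file argument needs a build with password-save support; otherwise
    # OpenVPN exits with "'Auth' password cannot be read from a file".
    if c.get("auth-user-pass"):
        findings.append("auth-user-pass reads credentials from a file")
    # Heuristic: take the bit length from the DH file name (assumed threshold 2048).
    bits = re.search(r"dh(\d+)", " ".join(s.get("dh", [])))
    if bits and int(bits.group(1)) < 2048:
        findings.append("DH parameters are %s bits" % bits.group(1))
    return findings

if __name__ == "__main__":
    for finding in lint(SERVER_CONF, CLIENT_CONF):
        print("WARN:", finding)
```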









