From: Neville Collins
Subject: [Radiusplugin-users] Setup Help - £50 Donation on offer.
Date: Sun, 29 Jan 2012 11:23:34 +0000
User-agent: Microsoft-MacOutlook/14.14.0.111121

Hi All,

This is my first posting to this list as a Newbie and I'm respectfully requesting some help for a small donation of £50.

There are so many hits on Google for this, but I'm just not sure which one I should follow as none that I find seem complete. I just cannot get this working.

Currently I have no issues with FreeRadius/MySQL as I've got friends authenticating using either PPTP or L2TP through POPTOP without issues and all accounting records are being sent back to the radius server. I just cannot get the OpenVPN setup working, which would be GREAT….

I'm looking to authenticate all users via Radius Username / Password and not having to give each client a Certificate, just the ca.crt to each client.

I have OpenVPN 2.2.2 installed, compiled from source to a RPM and installed.
I have RadiusPlugin v2.1a-beta1, compiled and installed.

# service start openvpn gives me a [FAILED] error, but there are 3 processes running.

ps -ef | grep openvpn
root 6053 1 0 11:05 pts/33 00:00:00 /usr/sbin/openvpn --daemon --writepid /var/run/openvpn/server.pid --config server.conf --cd /etc/openvpn
root 6054 1 0 11:05 pts/33 00:00:00 /usr/sbin/openvpn --daemon --writepid /var/run/openvpn/server.pid --config server.conf --cd /etc/openvpn
nobody 6060 1 0 11:05 ? 00:00:00 /usr/sbin/openvpn --daemon --writepid /var/run/openvpn/server.pid --config server.conf --cd /etc/openvpn

/var/log/openvpn.log

Sun Jan 29 11:05:40 2012 OpenVPN 2.2.2 x86_64-redhat-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] built on Jan 29 2012
Sun Jan 29 11:05:40 2012 Sorry, 'Auth' password cannot be read from a file
Sun Jan 29 11:05:40 2012 Exiting

/var/log/openvpn/radiusvpn.log

Sun Jan 29 11:05:40 2012 OpenVPN 2.2.2 x86_64-redhat-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] built on Jan 29 2012
Sun Jan 29 11:05:40 2012 MANAGEMENT: TCP Socket listening on 127.0.0.1:7505
Sun Jan 29 11:05:40 2012 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Sun Jan 29 11:05:40 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sun Jan 29 11:05:40 2012 RADIUS-PLUGIN: Configfile name: /etc/openvpn/radiusplugin.cnf.
Sun Jan 29 11:05:40 2012 PLUGIN_INIT: POST /etc/openvpn/radiusplugin.so '[/etc/openvpn/radiusplugin.so] [/etc/openvpn/radiusplugin.cnf]' intercepted=PLUGIN_AUTH_USER_PASS_VERIFY|PLUGIN_CLIENT_CONNECT|PLUGIN_CLIENT_DISCONNECT
Sun Jan 29 11:05:40 2012 Diffie-Hellman initialized with 1024 bit key
Sun Jan 29 11:05:40 2012 TLS-Auth MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sun Jan 29 11:05:40 2012 Socket Buffers: R=[129024->131072] S=[129024->131072]
Sun Jan 29 11:05:40 2012 ROUTE default_gateway=109.123.99.129
Sun Jan 29 11:05:40 2012 TUN/TAP device tun0 opened
Sun Jan 29 11:05:40 2012 TUN/TAP TX queue length set to 100
Sun Jan 29 11:05:40 2012 /sbin/ifconfig tun0 10.10.0.1 pointopoint 10.10.0.2 mtu 1500
Sun Jan 29 11:05:40 2012 /sbin/route add -net 10.10.0.0 netmask 255.255.255.0 gw 10.10.0.2
Sun Jan 29 11:05:40 2012 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Sun Jan 29 11:05:40 2012 GID set to nogroup
Sun Jan 29 11:05:40 2012 UID set to nobody
Sun Jan 29 11:05:40 2012 UDPv4 link local (bound): [undef]:1194
Sun Jan 29 11:05:40 2012 UDPv4 link remote: [undef]
Sun Jan 29 11:05:40 2012 MULTI: multi_init called, r=256 v=256
Sun Jan 29 11:05:40 2012 IFCONFIG POOL: base=10.10.0.4 size=62
Sun Jan 29 11:05:40 2012 Initialization Sequence Completed

/var/log/openvpn/status.log

OpenVPN CLIENT LIST
Updated,Sun Jan 29 11:12:20 2012
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
GLOBAL STATS
Max bcast/mcast queue length,0
END

/etc/openvpn/server.conf

# Which device
dev tun
fast-io
user nobody
group nogroup
persist-tun
persist-key
server 10.10.0.0 255.255.255.0
management 127.0.0.1 7505
float
username-as-common-name
client-config-dir ccd
client-to-client
push "redirect-gateway def1"
push "dhcp-option NTP 10.10.0.1"
push "dhcp-option DOMAIN lan"
push "dhcp-option DNS 10.10.0.1"
ping-timer-rem
keepalive 10 60
# Use compression
comp-lzo
# Strong encryption
;tls-server
;tls-auth ssl/ta.key 0
dh ssl/dh1024.pem
cert ssl/server.crt
key ssl/server.key
ca ssl/ca.crt
plugin /etc/openvpn/radiusplugin.so /etc/openvpn/radiusplugin.cnf
verb 3
mute 10
status /var/log/openvpn/status.log 1
log /var/log/openvpn/radiusvpn.log

/etc/openvpn/client.conf

# Which device
dev tun
fast-io
persist-key
persist-tun
replay-persist radiusvpn.d/cur-replay-protection.cache
# Our remote peer
nobind
remote <HIER_REMOTE_ADRESSE_DES_OPENVPN_SERVERS> 1194
pull
# Use compression
comp-lzo
# Strong encryption
tls-client
tls-remote server
ns-cert-type server
tls-auth ssl/ta.key 1
cert ssl/common.crt
key ssl/common.key
ca ssl/ca.crt
verb 3
mute 10
auth-user-pass radiusvpn.d/auth-user-pass.conf
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

/etc/openvpn/radiusplugin.cnf

NAS-Identifier=OpenVpn
Service-Type=5
Framed-Protocol=1
NAS-Port-Type=5
NAS-IP-Address=XX.XX.XX.XX
OpenVPNConfig=/etc/openvpn/server.conf
subnet=255.255.255.0
overwriteccfiles=true
nonfatalaccounting=false
server
{
        # The UDP port for radius accounting.
        acctport=1813
        # The UDP port for radius authentication.
        authport=1812
        # The name or ip address of the radius server.
        name=XX.XX.XX.XX
        # How many times should the plugin send the if there is no response?
        retry=1
        # How long should the plugin wait for a response?
        wait=1
        # The shared secret.
        sharedsecret=XXXXXXXX
}

The file /etc/openvpn/radiusvpn.d/auth-user-pass.conf is Empty.

Anyone that is able to provide me with a quick solution to this today, as I only get to test this over the weekends, I would happily donate £50 to their PayPal account just to get this working as I'm sure this is just a configuration issue with the relevant config files.

Thanks to anyone that responds with a solution.

Nev
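
An added example, not part of the original message and not code from OpenVPN or the RadiusPlugin project: a small consistency check run over excerpts of the server.conf and client.conf quoted above, covering settings both peers must agree on and the two points tied to the stated goal and the logged 'Auth' error. The function names `parse` and `check` and the finding ids are hypothetical, and the checks assume OpenVPN 2.2-era directive behaviour.

```python
# Added example. The two strings are excerpts of the server.conf and client.conf
# quoted in the message (only the directives the checks read).
SERVER_CONF = """\
comp-lzo
;tls-auth ssl/ta.key 0
plugin /etc/openvpn/radiusplugin.so /etc/openvpn/radiusplugin.cnf
"""
CLIENT_CONF = """\
comp-lzo
tls-auth ssl/ta.key 1
cert ssl/common.crt
key ssl/common.key
auth-user-pass radiusvpn.d/auth-user-pass.conf
"""

def parse(text):
    """Map each active directive to its argument list ('#' and ';' are comments)."""
    opts = {}
    for line in text.splitlines():
        tokens = line.split()
        if tokens and not tokens[0].startswith(("#", ";")):
            opts[tokens[0]] = tokens[1:]
    return opts

def check(server_text, client_text):
    """Return (finding_id, explanation) pairs for settings worth reviewing."""
    srv, cli = parse(server_text), parse(client_text)
    findings = []
    # tls-auth and comp-lzo change the packet format, so both peers must agree.
    for opt in ("tls-auth", "comp-lzo"):
        if (opt in srv) != (opt in cli):
            findings.append((opt + "-mismatch", f"{opt} is enabled on one side only"))
    if "tls-auth" in srv and "tls-auth" in cli:
        dirs = sorted(srv["tls-auth"][1:2] + cli["tls-auth"][1:2])
        if dirs not in ([], ["0", "1"]):
            findings.append(("tls-auth-direction", f"key directions {dirs} do not pair up"))
    # Plugin auth alone does not lift the client-certificate requirement; lifting
    # it leaves the RADIUS password as the only client credential.
    password_auth = "plugin" in srv or "auth-user-pass-verify" in srv
    cert_optional = ("client-cert-not-required" in srv
                     or srv.get("verify-client-cert") in (["none"], ["optional"]))
    if password_auth and not cert_optional:
        findings.append(("client-cert-required", "server still requires a client cert/key"))
    # A file argument needs a build with password saving enabled; without it
    # OpenVPN exits with "'Auth' password cannot be read from a file".
    if cli.get("auth-user-pass"):
        findings.append(("auth-user-pass-file", "credentials are read from a file"))
    return findings

if __name__ == "__main__":
    for finding in check(SERVER_CONF, CLIENT_CONF):
        print(*finding, sep=": ")
```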