[Openswan Users] RES: RES: Openswan using Radius server forauthentication

Arnel B. Espanola aespanola at arts.ucla.edu
Mon Jun 2 12:37:12 EDT 2008


I enabled the pppd log and I see more details in it when I tried to 
connect to my vpn server using my radius for authentication. But I still 
don't have clue why it fails as I don't know what are those error codes. 
And I don't see anything on my radius server logs so it means I couldn't 
reach the radius server. The plugin radius.so is executable and 
permissions seem ok on the files you've asked me to verify.

Thanks,
Arnel

Jun  2 09:07:19 vpn xl2tpd[11201]: ourtid = 4635, entropy_buf = 121b
Jun  2 09:07:19 vpn xl2tpd[11201]: ourcid = 28165, entropy_buf = 6e05
Jun  2 09:07:19 vpn xl2tpd[11201]: check_control: control, cid = 0, Ns = 
0, Nr =                                  0
Jun  2 09:07:21 vpn xl2tpd[11201]: ourtid = 7476, entropy_buf = 1d34
Jun  2 09:07:21 vpn xl2tpd[11201]: check_control: control, cid = 0, Ns = 
0, Nr =                                  0
Jun  2 09:07:21 vpn xl2tpd[11201]: control_finish: Peer requested tunnel 
1 twice                                 , ignoring second one.
Jun  2 09:07:21 vpn xl2tpd[11201]: check_control: control, cid = 0, Ns = 
1, Nr =                                  1
Jun  2 09:07:21 vpn xl2tpd[11201]: Connection established to 10.0.1.146, 
1701.                                   Local: 4635, Remote: 1 
(ref=0/0).  LNS session is 'default'
Jun  2 09:07:21 vpn xl2tpd[11201]: check_control: control, cid = 0, Ns = 
2, Nr =                                  1
Jun  2 09:07:21 vpn xl2tpd[11201]: ourcid = 2360, entropy_buf = 938
Jun  2 09:07:21 vpn xl2tpd[11201]: check_control: control, cid = 0, Ns = 
3, Nr =                                  1
Jun  2 09:07:21 vpn xl2tpd[11201]: check_control: control, cid = 1, Ns = 
3, Nr =                                  2
Jun  2 09:07:21 vpn xl2tpd[11201]: start_pppd: I'm running:
Jun  2 09:07:21 vpn xl2tpd[11201]: "/usr/sbin/pppd"
Jun  2 09:07:21 vpn xl2tpd[11201]: "passive"
Jun  2 09:07:21 vpn xl2tpd[11201]: "-detach"
Jun  2 09:07:21 vpn xl2tpd[11201]: "10.0.1.65:10.0.1.70"
Jun  2 09:07:21 vpn xl2tpd[11201]: "refuse-pap"
Jun  2 09:07:21 vpn xl2tpd[11201]: "auth"
Jun  2 09:07:21 vpn xl2tpd[11201]: "require-chap"
Jun  2 09:07:21 vpn xl2tpd[11201]: "name"
Jun  2 09:07:21 vpn xl2tpd[11201]: "pppuser"
Jun  2 09:07:21 vpn xl2tpd[11201]: "debug"
Jun  2 09:07:21 vpn xl2tpd[11201]: "file"
Jun  2 09:07:21 vpn xl2tpd[11201]: "/etc/ppp/options.xl2tpd"
Jun  2 09:07:21 vpn xl2tpd[11201]: "/dev/pts/1"
Jun  2 09:07:21 vpn xl2tpd[11201]: Call established with 10.0.1.146, 
Local: 2360                                 , Remote: 1, Serial: 0
Jun  2 09:07:21 vpn xl2tpd[11201]: check_control: control, cid = 0, Ns = 
4, Nr =                                  2
Jun  2 09:07:21 vpn pppd[22040]: Plugin radius.so loaded.
Jun  2 09:07:21 vpn pppd[22040]: RADIUS plugin initialized.
Jun  2 09:07:21 vpn pppd[22040]: pppd 2.4.4 started by root, uid 0
Jun  2 09:07:21 vpn pppd[22040]: using channel 107
Jun  2 09:07:21 vpn pppd[22040]: Using interface ppp0
Jun  2 09:07:21 vpn pppd[22040]: Connect: ppp0 <--> /dev/pts/1
Jun  2 09:07:21 vpn pppd[22040]: sent [LCP ConfReq id=0x1 <mru 1410> 
<asyncmap 0                                 x0> <auth chap MD5> <magic 
0x3e7be82e> <pcomp> <accomp>]
Jun  2 09:07:21 vpn pppd[22040]: rcvd [LCP ConfReq id=0x0 <mru 1400> 
<magic 0x2b                                 827b2a> <pcomp> <accomp> 
<callback CBCP>]
Jun  2 09:07:21 vpn pppd[22040]: sent [LCP ConfRej id=0x0 <callback CBCP>]
Jun  2 09:07:21 vpn pppd[22040]: rcvd [LCP ConfAck id=0x1 <mru 1410> 
<asyncmap 0                                 x0> <auth chap MD5> <magic 
0x3e7be82e> <pcomp> <accomp>]
Jun  2 09:07:21 vpn pppd[22040]: rcvd [LCP ConfReq id=0x1 <mru 1400> 
<magic 0x2b                                 827b2a> <pcomp> <accomp>]
Jun  2 09:07:21 vpn pppd[22040]: sent [LCP ConfAck id=0x1 <mru 1400> 
<magic 0x2b                                 827b2a> <pcomp> <accomp>]
Jun  2 09:07:21 vpn pppd[22040]: sent [CHAP Challenge id=0x24 
<d6853ec0fdb015738                                 1bc7bd85af509238b>, 
name = "pppuser"]
Jun  2 09:07:21 vpn pppd[22040]: rcvd [LCP Ident id=0x2 magic=0x2b827b2a 
"MSRASV                                 5.10"]
Jun  2 09:07:21 vpn pppd[22040]: rcvd [LCP Ident id=0x3 magic=0x2b827b2a 
"MSRAS-                                 0-ARTS-D610-06"]
Jun  2 09:07:21 vpn pppd[22040]: rcvd [CHAP Response id=0x24 
<142753bdd1814d7b94                                 2514bb7dc79569>, 
name = "arnel"]
Jun  2 09:07:21 vpn pppd[22040]: rc_send_server: bind: 10.0.1.101: 
Permission de                                 nied
Jun  2 09:07:21 vpn pppd[22040]: Peer arnel failed CHAP authentication
Jun  2 09:07:21 vpn pppd[22040]: sent [CHAP Failure id=0x24 ""]
Jun  2 09:07:21 vpn pppd[22040]: sent [LCP TermReq id=0x2 
"Authentication failed                                 "]
Jun  2 09:07:21 vpn xl2tpd[11201]: check_control: control, cid = 1, Ns = 
4, Nr =                                  2
Jun  2 09:07:21 vpn xl2tpd[11201]: control_finish: Connection closed to 
10.0.1.1                                 46, serial 0 ()
Jun  2 09:07:21 vpn xl2tpd[11201]: Untrustingly terminating pppd: 
sending KILL s                                 ignal to pid 22040
Jun  2 09:07:21 vpn xl2tpd[11201]: pppd 22040 successfully terminated
Jun  2 09:07:21 vpn xl2tpd[11201]: check_control: control, cid = 0, Ns = 
5, Nr =                                  2
Jun  2 09:07:21 vpn xl2tpd[11201]: control_finish: Connection closed to 
10.0.1.1                                 46, port 1701 (), Local: 4635, 
Remote: 1


Giovani Moda wrote:
>> May 30 15:31:34 vpn pppd[11331]: Connect: ppp0 <--> /dev/pts/1 May 30
> 15:31:36 vpn pppd[11331]: rc_send_server: bind: >10.0.1.101: Permission
> denied
>  
> "Permission denied" could mean a file permission problem. Is radius.so
> executable? Also check permissions for options.xl2tpd and the files
> under /etc/radiusclient. Make sure the user running pppd has the
> permissions to read the configuration files and execute radius plugin.
> 
> Did you debug your radius server to see if your VPN server attempts a
> connection to it? If it doesn't, the problem isn't your radiusclient
> configuration, it's happening before, at pppd.
> 
> Also try debugging pppd. Add
> 
> debug
> 
> To options.xl2tpd and 
> 
> # The next line writes pppd messages to /var/log/pppd.log
> daemon.*
> /var/log/pppd.log
> 
> To your /etc/syslog.conf. Create the log file (touch /var/log/pppd.log)
> and restart syslogd.
> 
> It should help you trace down the problem.
> 
> Giovani Moda
> _______________________________________________
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
> Building and Integrating Virtual Private Networks with Openswan: 
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155


More information about the Users mailing list