[Openswan Users] RES: Openswan using Radius server for authentication

Gbenga stjames08 at yahoo.co.uk
Thu May 29 06:50:04 EDT 2008


Hi Arnel,
I have not accessed my openswan mail for a while.
You are nearly done. What has happened, I guess, is that you have not set up your chap authentication well. I have included truncated parts of my relevant files.
You will need to configure the following files:
1.]    /etc/ppp/options.l2tpd [whatever you call it]
2.]    /etc/xl2tpd/xl2tpd.conf [to use relevant ip addresses and options]
3.]    /etc/ppp/chap [there is no need for this since you are using radius]
4.]    /etc/radiusclient/radiusclient.conf: [the stuff below is what I have in mine.]
auth_order      radius,local
login_tries     4
login_timeout   60
nologin /etc/nologin
issue   /etc/radiusclient/issue

authserver      10.10.1.XX:1812
acctserver      10.10.1.XX:1813
servers         /etc/radiusclient/servers
dictionary      /etc/radiusclient/dictionary
login_radius    /usr/sbin/login.radius
seqfile         /var/run/radius.seq
mapfile         /etc/radiusclient/port-id-map
default_realm
radius_timeout  10
radius_retries  3
login_local     /bin/login

5.]    /etc/radiusclient/servers: [the stuff below is from my file.]
#Server Name or Client/Server pair              Key
#----------------                               ---------------
10.10.1.XX   [radius server]                                  *****
10.10.1.X    [vpn server]                                     *****
6.]    /etc/ppp/options.l2tpd: [relevant options]
ipcp-accept-local
ipcp-accept-remote
ms-dns 10.11.0.90
noccp
auth
crtscts
idle 1800
mtu 1200
mru 1200
nodefaultroute
debug
lock
proxyarp
connect-delay 5000
plugin radius.so

7.]    /etc/xl2tpd/xl2tpd.conf: [relevant portion]

[lns default]
ip range = 10.10.3.128 - 10.10.3.254
local ip = 10.10.3.100
require chap = yes
refuse pap = yes
require authentication = yes
ppp debug = yes
; some name from ppp users
name = pppuser
pppoptfile = /etc/ppp/options.l2tpd
length bit = yes
require chap = yes
refuse pap = yes
require authentication = no
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd.client
length bit = yes

8.]    /usr/local/etc/raddb/users [relevant portion]
pppuser       Auth-Type := Local, User-Password == "your password"
              Service-Type = Framed-User,
              Framed-Protocol = PPP
9.]    /usr/local/etc/raddb/clients.conf
client 10.10.1.57 {
        secret          = secret
        shortname       = vpn_server
        nastype         = other
}

I hope this helps you. You can also read up on L2TP/VPN at http://www.jacco2.dds.nl/networking/win2000xp-openswan.html.
Rgds,
Gbenga
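A consistency check for the radiusclient.conf and servers pairing shown above, added here as an example; it is not part of the original post or of the radiusclient project, and the addresses and secrets it embeds are constructed. It verifies that every authserver/acctserver host has a shared secret in the servers file, that no secret is a mask or default value, and that the secrets file mode keeps group and other out.

```python
import stat

# Constructed samples shaped like the post's radiusclient.conf and servers files.
SAMPLE_CONF = """\
auth_order      radius,local
authserver      10.10.1.5:1812
acctserver      10.10.1.5:1813
default_realm
"""
SAMPLE_SERVERS = """\
#Server Name or Client/Server pair      Key
10.10.1.5        Correct-Horse-Battery-9
10.10.1.57       secret
"""
# Values that are masks or defaults rather than real shared secrets.
PLACEHOLDER_SECRETS = {"", "secret", "testing123", "*****"}

def parse_kv(text):
    """Parse 'key value' lines (both files use this shape); '#' starts a comment.
    A key with no value, such as default_realm, maps to ''."""
    out = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if parts:
            out[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return out

def check_radius_setup(conf_text, servers_text):
    """Return a list of problems; an empty list means the two files agree."""
    conf, secrets = parse_kv(conf_text), parse_kv(servers_text)
    problems = []
    if conf.get("auth_order", "").split(",")[0].strip() != "radius":
        problems.append("auth_order does not try radius first")
    for key in ("authserver", "acctserver"):
        host = conf.get(key, "").split(":", 1)[0]  # drop the :port suffix
        if host not in secrets:
            problems.append(f"{key} host '{host}' has no entry in the servers file")
    for host, secret in secrets.items():
        if secret in PLACEHOLDER_SECRETS:
            problems.append(f"servers entry {host} uses an empty or placeholder secret")
    return problems

def secret_file_mode_ok(mode):
    """The servers file holds shared secrets: group and other must have no access."""
    return mode & (stat.S_IRWXG | stat.S_IRWXO) == 0

if __name__ == "__main__":
    for problem in check_radius_setup(SAMPLE_CONF, SAMPLE_SERVERS):
        print("PROBLEM:", problem)
```

For a real installation, feed the contents of /etc/radiusclient/radiusclient.conf and /etc/radiusclient/servers to check_radius_setup and pass stat.S_IMODE(os.stat(path).st_mode) of the servers file to secret_file_mode_ok.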

Thanks. It fixes the dictionary errors but another error comes up. See the log.



May 28 09:54:09 vpn pppd[24108]: Plugin radius.so loaded.
May 28 09:54:09 vpn pppd[24108]: RADIUS plugin initialized.
May 28 09:54:09 vpn pppd[24108]: Plugin radattr.so loaded.
May 28 09:54:09 vpn pppd[24108]: RADATTR plugin initialized.
May 28 09:54:09 vpn pppd[24108]: pppd 2.4.4 started by root, uid 0