[Openswan Users] RES: Openswan using Radius server for authentication
Arnel B. Espanola
aespanola at arts.ucla.edu
Fri May 30 18:44:24 EDT 2008
Hi GBenga,
Thanks for the info. But it's unfortunate that I couldn't make it work
and I'm getting frustrated. This is the show stopper for me. I don't
know what I'm doing wrong but configuration wise looks ok. I'm still
getting the same error message every time I connect to VPN. I can connect
to radius server with 'radtest' command from my vpn server. Somehow the
client is unable to reach the radius server. It successfully establishes
IPSec with the VPN server but fails to reach the radius server for
authentication.
May 30 15:31:34 vpn pppd[11331]: Plugin radius.so loaded.
May 30 15:31:34 vpn pppd[11331]: RADIUS plugin initialized.
May 30 15:31:34 vpn pppd[11331]: pppd 2.4.4 started by root, uid 0
May 30 15:31:34 vpn pppd[11331]: Using interface ppp0
May 30 15:31:34 vpn pppd[11331]: Connect: ppp0 <--> /dev/pts/1
May 30 15:31:36 vpn pppd[11331]: rc_send_server: bind: 10.0.1.101: Permission denied
May 30 15:31:36 vpn pppd[11331]: Peer arnel failed CHAP authentication
May 30 15:31:36 vpn pppd[11331]: Connection terminated.
May 30 15:31:36 vpn xl2tpd[11201]: control_finish: Connection closed to 10.0.1.146, serial 0 ()
May 30 15:31:36 vpn xl2tpd[11201]: control_finish: Connection closed to 10.0.1.146, port 1701 (), Local: 4446, Remote: 8
Note:
10.0.1.100 - vpn server
10.0.1.101 - radius server
10.0.1.146 - client
Arnel
Gbenga wrote:
> Hi Arnel,
> I have not accessed my openswan mail for a while.
> You are nearly done. What has happened, I guess, is that you have not set up your chap authentication well. I have included a truncated part of my relevant files.
> You will need to configure the following files:
> 1.] /etc/ppp/options.l2pd [whatever you call it]
> 2.] /etc/xl2tpd/xl2tpd.conf [to use relevant ip addresses and options]
> 3.] /etc/ppp/chap [ there is no need for this since you are using radius]
> 4.] /etc/radiusclient/radiusclient.conf: [the stuff below is what I have in mine.]
> auth_order radius,local
> login_tries 4
> login_timeout 60
> nologin /etc/nologin
> issue /etc/radiusclient/issue
>
> authserver 10.10.1.XX:1812
> acctserver 10.10.1.XX:1813
> servers /etc/radiusclient/servers
> dictionary /etc/radiusclient/dictionary
> login_radius /usr/sbin/login.radius
> seqfile /var/run/radius.seq
> mapfile /etc/radiusclient/port-id-map
> default_realm
> radius_timeout 10
> radius_retries 3
> login_local /bin/login
>
> 5.] /etc/radiusclient/servers: [the stuff below is from my file.]
> #Server Name or Client/Server pair Key
> #---------------- ---------------
> 10.10.1.XX [radius server] *****
> 10.10.1.X [vpn vpn server] *****
> 6.] /etc/ppp/option.l2tpd: [relevant options]
> ipcp-accept-local
> ipcp-accept-remote
> ms-dns 10.11.0.90
> noccp
> auth
> crtscts
> idle 1800
> mtu 1200
> mru 1200
> nodefaultroute
> debug
> lock
> proxyarp
> connect-delay 5000
> plugin radius.so
>
> 7.] /etc/xl2tpd/xl2tpd.conf: [relevant portion]
>
> [lns default]
> ip range = 10.10.3.128 - 10.10.3.254
> local ip = 10.10.3.100
> require chap = yes
> refuse pap = yes
> require authentication = yes
> ppp debug = yes
> ; some name from ppp users
> name = pppuser
> pppoptfile = /etc/ppp/options.l2tpd
> length bit = yes
> require chap = yes
> refuse pap = yes
> require authentication = no
> ppp debug = yes
> pppoptfile = /etc/ppp/options.l2tpd.client
> length bit = yes
>
> 8.] /usr/local/etc/raddb/users [relevant portion]
> pppuser Auth-Type := Local, User-Password == "your password"
> Service-Type = Framed-User,
> Framed-Protocol = PPP
> 9.] /usr/local/etc/raddb/clients.conf
> client 10.10.1.57 {
> secret = secret
> shortname = vpn_server
> nastype = other
> }
>
> I hope this helps you. You can also read up on L2TP/VPN at http://www.jacco2.dds.nl/networking/win2000xp-openswan.html.
> Rgds,
> Gbenga
>
> Thanks. It fixes the dictionary errors but another error comes up. See
> the log.
>
> May 28 09:54:09 vpn pppd[24108]: Plugin radius.so loaded.
> May 28 09:54:09 vpn pppd[24108]: RADIUS plugin initialized.
> May 28 09:54:09 vpn pppd[24108]: Plugin radattr.so loaded.
> May 28 09:54:09 vpn pppd[24108]: RADATTR plugin initialized.
> May 28 09:54:09 vpn pppd[24108]: pppd 2.4.4 started by root, uid 0
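As an added example (not code from this thread or from the radiusclient project), a small Python check that cross-references the authserver/acctserver entries of radiusclient.conf against the servers file, the two files Gbenga lists in steps 4 and 5, and reports any RADIUS host pppd would use that has no shared secret line. The sample file contents, addresses and secrets are constructed placeholders in the same format as the quoted files.

```python
# Added example: cross-check radiusclient.conf against the 'servers' file.
# Sample contents are constructed placeholders in the quoted files' format.
SAMPLE_CONF = """\
auth_order radius,local
authserver 10.10.1.57:1812
acctserver 10.10.1.58:1813
servers /etc/radiusclient/servers
radius_timeout 10
radius_retries 3
"""
SAMPLE_SERVERS = """\
#Server Name or Client/Server pair   Key
#----------------                   ---------------
10.10.1.57                           placeholder-secret
"""

def parse_conf(text):
    """Return {key: value} for 'key value' lines; blanks and comments skipped."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            parts = line.split(None, 1)
            conf[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return conf

def parse_servers(text):
    """Return {host: secret}; the first token is taken as written (no pair handling)."""
    secrets = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and not parts[0].startswith("#"):
            secrets[parts[0]] = parts[1]
    return secrets

def check_radiusclient(conf_text, servers_text):
    """List RADIUS hosts pppd will use that have no shared secret configured."""
    conf, secrets = parse_conf(conf_text), parse_servers(servers_text)
    problems = []
    for key in ("authserver", "acctserver"):
        host = conf.get(key, "").split(":")[0]  # drop the optional :port
        if not host:
            problems.append(f"{key} is not set")
        elif host not in secrets:
            problems.append(f"{key} {host} has no secret in the servers file")
    return problems

if __name__ == "__main__":
    for problem in check_radiusclient(SAMPLE_CONF, SAMPLE_SERVERS):
        print("problem:", problem)
```

Run it against the real files by reading them in place of the sample strings; an empty list means every configured RADIUS host has a secret entry.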