[Openswan Users] RES: Openswan using Radius server for authentication

Gbenga stjames08 at yahoo.co.uk
Fri May 30 20:24:55 EDT 2008


Hi Arnel,

Can you post your relevant configuration files (you can mask sensitive data if you want). Your issue will get a quicker resolution if people can see your files. I think you will need to post your [1.] /etc/ppp/chaps-secrets. [2.] /etc/xl2tpd/xl2tpd.conf  [3.] ipsec conn section for roadwarrior [4.] /etc/ppp/options.xl2tpd

I suspect that you have misconfigured something in your ppp/chap/xl2tpd files.

Rgds,
Gbenga



IPSec with the VPN server but fails to reach the radius server for 
authentication.


May 30 15:31:34 vpn pppd[11331]: Plugin radius.so loaded.
May 30 15:31:34 vpn pppd[11331]: RADIUS plugin initialized.
May 30 15:31:34 vpn pppd[11331]: pppd 2.4.4 started by root, uid 0
May 30 15:31:34 vpn pppd[11331]: Using interface ppp0
May 30 15:31:34 vpn pppd[11331]: Connect: ppp0 <--> /dev/pts/1
May 30 15:31:36 vpn pppd[11331]: rc_send_server: bind: 10.0.1.101: Permission denied
May 30 15:31:36 vpn pppd[11331]: Peer arnel failed CHAP authentication
May 30 15:31:36 vpn pppd[11331]: Connection terminated.
May 30 15:31:36 vpn xl2tpd[11201]: control_finish: Connection closed to 10.0.1.146, serial 0 ()
May 30 15:31:36 vpn xl2tpd[11201]: control_finish: Connection closed to 10.0.1.146, port 1701 (), Local: 4446, Remote: 8

Note:
10.0.1.100 - vpn server
10.0.1.101 - radius server
10.0.1.146 - client

Arnel

Gbenga wrote:
> Hi Arnel,
> I have not accessed my openswan mail for a while.
> You are nearly done. What has happened, I guess, is that you have not set up your chap authentication well. I have included a truncated part of my relevant files.
> You will need to configure the following files:
> 1.]    /etc/ppp/options.l2pd [whatever you call it]
> 2.]    /etc/xl2tpd/xl2tpd.conf [to use relevant ip addresses and options]
> 3.]    /etc/ppp/chap [there is no need for this since you are using radius]
> 4.]    /etc/radiusclient/radiusclient.conf: [the stuff below is what I have in mine.]
> auth_order      radius,local
> login_tries     4
> login_timeout   60
> nologin /etc/nologin
> issue   /etc/radiusclient/issue
> 
> authserver      10.10.1.XX:1812
> acctserver      10.10.1.XX:1813
> servers         /etc/radiusclient/servers
> dictionary      /etc/radiusclient/dictionary
> login_radius    /usr/sbin/login.radius
> seqfile         /var/run/radius.seq
> mapfile         /etc/radiusclient/port-id-map
> default_realm
> radius_timeout  10
> radius_retries  3
> login_local     /bin/login
> 
> 5.]    /etc/radiusclient/servers: [the stuff below is from my file.]
> #Server Name or Client/Server pair              Key
> #----------------                               ---------------
> 10.10.1.XX   [radius server]                                  *****
> 10.10.1.X     [vpn vpn server]                                *****
> 6.]    /etc/ppp/option.l2tpd: [relevant options]
> ipcp-accept-local
> ipcp-accept-remote
> ms-dns 10.11.0.90
> noccp
> auth
> crtscts
> idle 1800
> mtu 1200
> mru 1200
> nodefaultroute
> debug
> lock
> proxyarp
> connect-delay 5000
> plugin radius.so
> 
> 7.]    /etc/xl2tpd/xl2tpd.conf: [relevant portion]
> 
> [lns default]
> ip range = 10.10.3.128 - 10.10.3.254
> local ip = 10.10.3.100
> require chap = yes
> refuse pap = yes
> require authentication = yes
> ppp debug = yes
> ; some name from ppp users
> name = pppuser
> pppoptfile = /etc/ppp/options.l2tpd
> length bit = yes
> require chap = yes
> refuse pap = yes
> require authentication = no
> ppp debug = yes
> pppoptfile = /etc/ppp/options.l2tpd.client
> length bit = yes
> 
> 8.]     /usr/local/etc/raddb/users [relevant portion]
>         pppuser       Auth-Type := Local, User-Password == "your password"
>                               Service-Type = Framed-User,
>                               Framed-Protocol = PPP
> 9.]    /usr/local/etc/raddb/clients.conf
>          client 10.10.1.57 {
>                                 secret          = secret
>                                 shortname       = vpn_server
>                                 nastype         = other
> }
> 
> I hope this helps you. You can also read up on L2TP/VPN at http://www.jacco2.dds.nl/networking/win2000xp-openswan.html.
> Rgds,
> Gbenga
> 
> Thanks. It fixes the dictionary errors but another error comes up. See 
> the log.
> 
> 
> 
> May 28 09:54:09 vpn pppd[24108]: Plugin radius.so loaded.
> May 28 09:54:09 vpn pppd[24108]: RADIUS plugin initialized.
> May 28 09:54:09 vpn pppd[24108]: Plugin radattr.so loaded.
> May 28 09:54:09 vpn pppd[24108]: RADATTR plugin initialized.
> May 28 09:54:09 vpn pppd[24108]: pppd 2.4.4 started by root, uid 0
> 
> 
> 
>       __________________________________________________________
> Sent from Yahoo! Mail.
> A Smarter Email http://uk.docs.yahoo.com/nowyoucan.html
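
Added example, not part of the original thread: a small triage script that groups pppd syslog lines by pid and separates authentication failures that follow a RADIUS client error (as in the May 30 log above, where `rc_send_server: bind` fails just before "failed CHAP authentication") from failures with no such error. The second session in the sample (pid 11400, peer "bob") is constructed, and treating every `rc_`-prefixed message as a RADIUS client error is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample: the first session copies pppd lines quoted in the
# thread; the second (pid 11400, peer "bob") is invented for contrast.
SAMPLE_LOG = """\
May 30 15:31:34 vpn pppd[11331]: Plugin radius.so loaded.
May 30 15:31:34 vpn pppd[11331]: RADIUS plugin initialized.
May 30 15:31:36 vpn pppd[11331]: rc_send_server: bind: 10.0.1.101: Permission denied
May 30 15:31:36 vpn pppd[11331]: Peer arnel failed CHAP authentication
May 30 15:31:36 vpn pppd[11331]: Connection terminated.
May 30 15:40:02 vpn pppd[11400]: Plugin radius.so loaded.
May 30 15:40:04 vpn pppd[11400]: Peer bob failed CHAP authentication
May 30 15:40:04 vpn pppd[11400]: Connection terminated.
"""

LINE_RE = re.compile(r"^(\w{3}\s+\d+ [\d:]+) (\S+) pppd\[(\d+)\]: (.*)$")
FAIL_RE = re.compile(r"^Peer (\S+) failed (CHAP|PAP) authentication")
# Assumption: messages prefixed rc_ are errors from the RADIUS client code.
RADIUS_ERR_RE = re.compile(r"^(rc_\w+): (.*)$")


def triage(log_text):
    """Group pppd lines by pid and classify each failed authentication."""
    sessions = defaultdict(lambda: {"radius_errors": [], "peer": None})
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # not a pppd line (e.g. xl2tpd)
        pid, msg = m.group(3), m.group(4)
        s = sessions[pid]
        if (e := RADIUS_ERR_RE.match(msg)):
            s["radius_errors"].append(e.group(2))
        elif (f := FAIL_RE.match(msg)):
            s["peer"] = f.group(1)
    results = {}
    for pid, s in sessions.items():
        if s["peer"] is None:
            continue  # no authentication failure logged for this pid
        # A RADIUS client error in the same session means the exchange with
        # the server itself failed, so the event says nothing about the password.
        cause = ("radius_transport_error" if s["radius_errors"]
                 else "rejected_or_bad_credentials")
        results[pid] = {"peer": s["peer"], "cause": cause,
                        "detail": s["radius_errors"]}
    return results


if __name__ == "__main__":
    for pid, r in triage(SAMPLE_LOG).items():
        print(pid, r)
```

Failures classified as `radius_transport_error` point at the VPN server's RADIUS client setup rather than at the user, so they should not be counted toward lockout or brute-force alerts.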


