ERROR Openvpn with freeradius

richard005 · Feb 17, 2009, 10:07 AM

Yes this is the log file of the client,
Now i use UDP.
I opened the following ports:
1194 OpenVpn
1812 Radius
1190 tot 1195.

All ports are tcp/udp

richard005 · Mar 2, 2009, 6:57 AM

Is there somebody who can help me?

GruensFroeschli · Mar 2, 2009, 2:49 PM

I missed that you want to get it going with FreeRADIUS.

Start here.
http://forum.pfsense.org/index.php/topic,4105.0.html

richard005 · Mar 3, 2009, 8:45 AM

@GruensFroeschli:

I missed that you want to get it going with FreeRADIUS.

Start here.
http://forum.pfsense.org/index.php/topic,4105.0.html

I follow that tutorial, i used udp. I get another error.
This is my client log:

Sun Oct 05 09:27:44 2008 OpenVPN 2.1_rc15 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Nov 19 2008
Sun Oct 05 09:27:44 2008 NOTE: OpenVPN 2.1 requires '–script-security 2' or higher to call user-defined scripts or executables
Sun Oct 05 09:27:45 2008 LZO compression initialized
Sun Oct 05 09:27:45 2008 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sun Oct 05 09:27:45 2008 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Sun Oct 05 09:27:45 2008 Local Options hash (VER=V4): '41690919'
Sun Oct 05 09:27:45 2008 Expected Remote Options hash (VER=V4): '530fdded'
Sun Oct 05 09:27:45 2008 Socket Buffers: R=[8192->8192] S=[8192->8192]
Sun Oct 05 09:27:45 2008 UDPv4 link local: [undef]
Sun Oct 05 09:27:45 2008 UDPv4 link remote: 192.168.xx.xx:1194
Sun Oct 05 09:28:45 2008 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sun Oct 05 09:28:45 2008 TLS Error: TLS handshake failed
Sun Oct 05 09:28:45 2008 TCP/UDP: Closing socket
Sun Oct 05 09:28:45 2008 SIGUSR1[soft,tls-error] received, process restarting
Sun Oct 05 09:28:45 2008 Restart pause, 2 second(s)
Sun Oct 05 09:28:47 2008 NOTE: OpenVPN 2.1 requires '–script-security 2' or higher to call user-defined scripts or executables
Sun Oct 05 09:28:47 2008 Re-using SSL/TLS context
Sun Oct 05 09:28:47 2008 LZO compression initialized
Sun Oct 05 09:28:47 2008 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sun Oct 05 09:28:47 2008 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Sun Oct 05 09:28:47 2008 Local Options hash (VER=V4): '41690919'
Sun Oct 05 09:28:47 2008 Expected Remote Options hash (VER=V4): '530fdded'
Sun Oct 05 09:28:47 2008 Socket Buffers: R=[8192->8192] S=[8192->8192]
Sun Oct 05 09:28:47 2008 UDPv4 link local: [undef]
Sun Oct 05 09:28:47 2008 UDPv4 link remote: 192.168.xx.xx:1194
Sun Oct 05 09:29:12 2008 TCP/UDP: Closing socket
Sun Oct 05 09:29:12 2008 SIGTERM[hard,] received, process exiting

GruensFroeschli · Mar 3, 2009, 9:26 AM

Do you have somewhere along the path another router/firewall?
The client never can connect to the server which leads me to believe you have somewhere a firewall_configuration/port_forward problem.

richard005 · Mar 3, 2009, 10:15 AM

@GruensFroeschli:

Do you have somewhere along the path another router/firewall?
The client never can connect to the server which leads me to believe you have somewhere a firewall_configuration/port_forward problem.

but openvpn works fine before i installed freeradius, so i think that there is something wrong with my freeradius

Found something in my logs:

Mar 3 09:33:31 openvpn[36646]: PLUGIN_INIT: could not load plugin shared object /usr/local/lib/openvpn-auth-pam.so: Cannot open "/usr/local/lib/openvpn-auth-pam.so": Invalid argument (errno=22)

GruensFroeschli · Mar 3, 2009, 11:45 AM

Ok this would make sense.
Since the plugin cannot be loaded you cannot connect because the server isn't even running.

I myself never actually authenticated against freeRADIUS with OpenVPN.
Maybe you'll find more information about what exactly this message means on the OpenVPN mailinglist/archive.

richard005 · Mar 4, 2009, 7:33 AM

I have a new problem but i don't know how to fix it. This is my server log:

Mar 4 08:29:40 openvpn[366]: rad_config: /etc/radius.conf:3: missing newline
Mar 4 08:29:40 openvpn[375]: 192.168.222.x:1162 PLUGIN_CALL: plugin function PLUGIN_AUTH_USER_PASS_VERIFY failed with status 1: /usr/local/lib/openvpn-auth-pam.so
Mar 4 08:29:40 openvpn[375]: 192.168.222.x:1162 TLS Auth Error: Auth Username/Password verification failed for peer
Mar 4 08:29:40 openvpn[375]: 192.168.222.x:1162 [ovpn_client1] Peer Connection Initiated with 192.168.222.244:1162

richard005 · Mar 9, 2009, 7:04 AM

@richard005:

I have a new problem but i don't know how to fix it. This is my server log:

Mar 4 08:29:40 openvpn[366]: rad_config: /etc/radius.conf:3: missing newline
Mar 4 08:29:40 openvpn[375]: 192.168.222.x:1162 PLUGIN_CALL: plugin function PLUGIN_AUTH_USER_PASS_VERIFY failed with status 1: /usr/local/lib/openvpn-auth-pam.so
Mar 4 08:29:40 openvpn[375]: 192.168.222.x:1162 TLS Auth Error: Auth Username/Password verification failed for peer
Mar 4 08:29:40 openvpn[375]: 192.168.222.x:1162 [ovpn_client1] Peer Connection Initiated with 192.168.222.244:1162

Is there somebody who can help me to resolv this problem?

GruensFroeschli · Mar 9, 2009, 8:13 AM

Maybe you'll find more information about what exactly this message means on the OpenVPN mailinglist/archive.

Since this is an OpenVPN problem and not strictly a pfSense problem :)

Edit: the "missing newline" message.
Did you create the config file on a windows computer and then copied to the the pfSense?
Windows has different newline characters than unix systems.
Try to convert the file with fromdos.
(or use a different editor than notepad that doesnt fsk up :D )

richard005 · Mar 9, 2009, 8:21 AM

Anyone?