OpenVPN RADIUS Problem
-
I've been experiencing issues trying to get OpenVPN to work with my local RADIUS server for authentication. Under backend for authentication I have both my RADIUS server/database and Local Database selected.
Remotely, I can connect using local users in the user manager in pfSense just fine / without issue.
Likewise, in pfSense under Diagnostics / Authentication, I can connect to users on my RADIUS server just fine:
User: vpntest authenticated successfully. This user is a member of these groups:
However, if I try to use the very same credentials in OpenVPN, OpenVPN will spit out the following error:
Fri Jul 22 17:05:06 2011 OpenVPN 2.2.0 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] [IPv6 payload 20110521-1 (2.2.0)] built on May 21 2011
Fri Jul 22 17:05:10 2011 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Fri Jul 22 17:05:10 2011 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Fri Jul 22 17:05:10 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Fri Jul 22 17:05:10 2011 LZO compression initialized
Fri Jul 22 17:05:10 2011 UDPv4 link local (bound): [undef]:1194
Fri Jul 22 17:05:10 2011 UDPv4 link remote: [myserveripaddress]:1194
Fri Jul 22 17:05:10 2011 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Fri Jul 22 17:05:11 2011 [internal-ca] Peer Connection Initiated with [myserveripaddress]:1194
Fri Jul 22 17:05:13 2011 AUTH: Received AUTH_FAILED control message
Fri Jul 22 17:05:13 2011 SIGUSR1[soft,auth-failure] received, process restarting
In pfSense under the OpenVPN system logs:
Jul 22 17:15:04 openvpn: user vpntest could not authenticate.
Jul 22 17:15:04 openvpn[41046]: [myclientipaddress]:56389 WARNING: Failed running command (--auth-user-pass-verify): external program exited with error status: 255
Jul 22 17:15:04 openvpn[41046]: [myclientipaddress]:56389 TLS Auth Error: Auth Username/Password verification failed for peer
Jul 22 17:15:04 openvpn[41046]: [myclientipaddress]:56389 [] Peer Connection Initiated with [AF_INET][myclientipaddress]:56389
I'm using the default firewall rules for OpenVPN under WAN and LAN created by the OpenVPN wizard. I can't understand how pfSense can connect to my RADIUS server, but when I use OpenVPN it can't… I'm about to pull what's left of my hair out. :-\
I've searched and searched online but couldn't find anybody else in a similar predicament. I'm running the latest pfSense 2 snapshot, and the install / setup is only a week or so old (and I'm new to pfSense in general).
Any wisdom would be very much appreciated!!
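A small triage script for the server-side log shape shown above, added here as an illustration and not taken from the post or from pfSense: it parses pfSense-style OpenVPN syslog lines, groups them per client session (peer address and port), and separates the case where the --auth-user-pass-verify helper reported a non-zero exit status from the case where only the "verification failed" line is present, while also collecting the usernames the helper itself reported as rejected. The log lines in the block are constructed (placeholder address 198.51.100.23) and modelled on the excerpt in the post; the function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample log, shaped like the pfSense OpenVPN excerpt in the post.
# 198.51.100.23 is a documentation address, not a real client.
SAMPLE_LOG = """\
Jul 22 17:15:04 openvpn: user vpntest could not authenticate.
Jul 22 17:15:04 openvpn[41046]: [198.51.100.23]:56389 WARNING: Failed running command (--auth-user-pass-verify): external program exited with error status: 255
Jul 22 17:15:04 openvpn[41046]: [198.51.100.23]:56389 TLS Auth Error: Auth Username/Password verification failed for peer
Jul 22 17:15:04 openvpn[41046]: [198.51.100.23]:56389 [] Peer Connection Initiated with [AF_INET][198.51.100.23]:56389
Jul 22 17:20:11 openvpn[41046]: [198.51.100.23]:56390 TLS Auth Error: Auth Username/Password verification failed for peer
"""

# syslog timestamp, "openvpn" with optional pid, optional "[peer]:port " prefix, message
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) openvpn(?:\[(?P<pid>\d+)\])?: "
    r"(?:\[(?P<peer>[^\]]+)\]:(?P<port>\d+) )?(?P<msg>.*)$"
)
SCRIPT_FAIL_RE = re.compile(
    r"Failed running command \(--auth-user-pass-verify\).*status: (?P<status>\d+)"
)
USER_FAIL_RE = re.compile(r"user (?P<user>\S+) could not authenticate")
VERIFY_FAIL = "Auth Username/Password verification failed for peer"


def parse_line(line):
    """Return the fields of one syslog line as a dict, or None if it is not an openvpn line."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def triage(log_text):
    """Classify auth failures per client session.

    Returns (findings, rejected_users):
      findings: {(peer, port): (kind, helper_exit_status)}
        kind is 'helper-exit'   when the verify helper reported a non-zero exit
                                status (check that status against what your verify
                                script returns on a backend error versus a reject),
                'verify-failed' when only the TLS Auth Error line was seen,
                'ok'            otherwise.
      rejected_users: [(timestamp, username)] logged by the helper itself; these
        lines carry no peer, so they are kept separately for correlation by time.
    """
    sessions = defaultdict(lambda: {"exit": None, "verify_failed": False, "connected": False})
    rejected_users = []
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        msg = rec["msg"]
        um = USER_FAIL_RE.search(msg)
        if um:
            rejected_users.append((rec["ts"], um.group("user")))
            continue
        if rec["peer"] is None:
            continue  # daemon-level message with no client session
        s = sessions[(rec["peer"], rec["port"])]
        sm = SCRIPT_FAIL_RE.search(msg)
        if sm:
            s["exit"] = int(sm.group("status"))
        elif VERIFY_FAIL in msg:
            s["verify_failed"] = True
        elif "Peer Connection Initiated" in msg:
            s["connected"] = True

    findings = {}
    for key, s in sessions.items():
        if s["exit"] is not None:
            kind = "helper-exit"
        elif s["verify_failed"]:
            kind = "verify-failed"
        else:
            kind = "ok"
        findings[key] = (kind, s["exit"])
    return findings, rejected_users


if __name__ == "__main__":
    found, users = triage(SAMPLE_LOG)
    for (peer, port), (kind, status) in found.items():
        print(f"{peer}:{port}  {kind}  exit={status}")
    for ts, user in users:
        print(f"{ts}  helper rejected user {user!r}")
```

Running it over the sample prints one line per client session plus the username the helper rejected; feeding it the real /var/log/openvpn.log lets you see at a glance whether failures come with a helper exit status (so the verify script is where to look) or only the plain verification-failed message.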
-
This may be a configuration issue with the Internet Authentication Service on my Windows 2003 Server. If anyone out there has this working with pfSense 2 RC3 and Windows Server 2003 IAS, please let me know; a screenshot of your settings would be very helpful.