ERROR Openvpn with freeradius



  • Hello,

    I have a problem making an OpenVPN connection with FreeRADIUS authentication.
    I followed this tutorial: http://www.pfsense.org/mirror.php?section=tutorials/openvpn/pfsense-ovpn.pdf

    This is my logfile

    Sun Sep 21 10:31:37 2008 us=812000 OpenVPN 2.1_rc15 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Nov 19 2008
    Sun Sep 21 10:31:37 2008 us=812000 WARNING: --ping should normally be used with --ping-restart or --ping-exit
    Sun Sep 21 10:31:37 2008 us=812000 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
    Sun Sep 21 10:31:37 2008 us=937000 LZO compression initialized
    Sun Sep 21 10:31:37 2008 us=937000 Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ]
    Sun Sep 21 10:31:37 2008 us=937000 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
    Sun Sep 21 10:31:37 2008 us=937000 Local Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
    Sun Sep 21 10:31:37 2008 us=937000 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
    Sun Sep 21 10:31:37 2008 us=937000 Local Options hash (VER=V4): '69109d17'
    Sun Sep 21 10:31:37 2008 us=937000 Expected Remote Options hash (VER=V4): 'c0103fa8'
    Sun Sep 21 10:31:37 2008 us=937000 Attempting to establish TCP connection with 192.168.xx.xx:1194
    Sun Sep 21 10:31:58 2008 us=890000 TCP: connect to 192.168.xx.xx:1194 failed, will try again in 5 seconds: Connection timed out (WSAETIMEDOUT)

    I hope that somebody can help me.



  • I assume this is the log of the client?
    Did you make sure you opened the firewall?
    I would not use TCP but UDP.
    TCP over TCP is a bad idea and should only be used if there is absolutely no alternative.



  • Yes this is the log file of the client,
    Now I use UDP.
    I opened the following ports:
    1194 OpenVPN
    1812 RADIUS
    1190 to 1195.

    All ports are tcp/udp



  • Is there somebody who can help me?



  • I missed that you want to get it going with FreeRADIUS.

    Start here.
    http://forum.pfsense.org/index.php/topic,4105.0.html



  • @GruensFroeschli:

    I missed that you want to get it going with FreeRADIUS.

    Start here.
    http://forum.pfsense.org/index.php/topic,4105.0.html

    I followed that tutorial and used UDP. I get another error.
    This is my client log:

    Sun Oct 05 09:27:44 2008 OpenVPN 2.1_rc15 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Nov 19 2008
    Sun Oct 05 09:27:44 2008 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
    Sun Oct 05 09:27:45 2008 LZO compression initialized
    Sun Oct 05 09:27:45 2008 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
    Sun Oct 05 09:27:45 2008 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
    Sun Oct 05 09:27:45 2008 Local Options hash (VER=V4): '41690919'
    Sun Oct 05 09:27:45 2008 Expected Remote Options hash (VER=V4): '530fdded'
    Sun Oct 05 09:27:45 2008 Socket Buffers: R=[8192->8192] S=[8192->8192]
    Sun Oct 05 09:27:45 2008 UDPv4 link local: [undef]
    Sun Oct 05 09:27:45 2008 UDPv4 link remote: 192.168.xx.xx:1194
    Sun Oct 05 09:28:45 2008 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    Sun Oct 05 09:28:45 2008 TLS Error: TLS handshake failed
    Sun Oct 05 09:28:45 2008 TCP/UDP: Closing socket
    Sun Oct 05 09:28:45 2008 SIGUSR1[soft,tls-error] received, process restarting
    Sun Oct 05 09:28:45 2008 Restart pause, 2 second(s)
    Sun Oct 05 09:28:47 2008 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
    Sun Oct 05 09:28:47 2008 Re-using SSL/TLS context
    Sun Oct 05 09:28:47 2008 LZO compression initialized
    Sun Oct 05 09:28:47 2008 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
    Sun Oct 05 09:28:47 2008 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
    Sun Oct 05 09:28:47 2008 Local Options hash (VER=V4): '41690919'
    Sun Oct 05 09:28:47 2008 Expected Remote Options hash (VER=V4): '530fdded'
    Sun Oct 05 09:28:47 2008 Socket Buffers: R=[8192->8192] S=[8192->8192]
    Sun Oct 05 09:28:47 2008 UDPv4 link local: [undef]
    Sun Oct 05 09:28:47 2008 UDPv4 link remote: 192.168.xx.xx:1194
    Sun Oct 05 09:29:12 2008 TCP/UDP: Closing socket
    Sun Oct 05 09:29:12 2008 SIGTERM[hard,] received, process exiting



  • Do you have somewhere along the path another router/firewall?
    The client never can connect to the server which leads me to believe you have somewhere a firewall_configuration/port_forward problem.



  • @GruensFroeschli:

    Do you have somewhere along the path another router/firewall?
    The client never can connect to the server which leads me to believe you have somewhere a firewall_configuration/port_forward problem.

    But OpenVPN worked fine before I installed FreeRADIUS, so I think that there is something wrong with my FreeRADIUS.

    Found something in my logs:

    Mar 3 09:33:31 openvpn[36646]: PLUGIN_INIT: could not load plugin shared object /usr/local/lib/openvpn-auth-pam.so: Cannot open "/usr/local/lib/openvpn-auth-pam.so": Invalid argument (errno=22)



  • Ok this would make sense.
    Since the plugin cannot be loaded you cannot connect because the server isn't even running.

    I myself never actually authenticated against freeRADIUS with OpenVPN.
    Maybe you'll find more information about what exactly this message means on the OpenVPN mailing list/archive.



  • I have a new problem but I don't know how to fix it. This is my server log:

    Mar 4 08:29:40 openvpn[366]: rad_config: /etc/radius.conf:3: missing newline
    Mar 4 08:29:40 openvpn[375]: 192.168.222.x:1162 PLUGIN_CALL: plugin function PLUGIN_AUTH_USER_PASS_VERIFY failed with status 1: /usr/local/lib/openvpn-auth-pam.so
    Mar 4 08:29:40 openvpn[375]: 192.168.222.x:1162 TLS Auth Error: Auth Username/Password verification failed for peer
    Mar 4 08:29:40 openvpn[375]: 192.168.222.x:1162 [ovpn_client1] Peer Connection Initiated with 192.168.222.244:1162



  • @richard005:

    I have a new problem but I don't know how to fix it. This is my server log:

    Mar 4 08:29:40 openvpn[366]: rad_config: /etc/radius.conf:3: missing newline
    Mar 4 08:29:40 openvpn[375]: 192.168.222.x:1162 PLUGIN_CALL: plugin function PLUGIN_AUTH_USER_PASS_VERIFY failed with status 1: /usr/local/lib/openvpn-auth-pam.so
    Mar 4 08:29:40 openvpn[375]: 192.168.222.x:1162 TLS Auth Error: Auth Username/Password verification failed for peer
    Mar 4 08:29:40 openvpn[375]: 192.168.222.x:1162 [ovpn_client1] Peer Connection Initiated with 192.168.222.244:1162

    Is there somebody who can help me to resolve this problem?



  • Maybe you'll find more information about what exactly this message means on the OpenVPN mailing list/archive.

    Since this is an OpenVPN problem and not strictly a pfSense problem :)

    Edit: the "missing newline" message.
    Did you create the config file on a Windows computer and then copy it to the pfSense?
    Windows has different newline characters than Unix systems.
    Try to convert the file with fromdos.
    (or use a different editor than notepad that doesn't fsk up :D )
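
An added example, not part of the original posts: a shell check for the line-ending problems raised above, for use where `fromdos` is not installed. It assumes the `missing newline` error on `/etc/radius.conf:3` means that line has Windows (CRLF) endings or no terminating newline, which the thread does not confirm. The sample file contents are constructed.

```shell
#!/bin/sh
# Added example: detect and repair line-ending problems in a config file
# such as /etc/radius.conf. Function names are hypothetical.

# check_line_endings FILE
# Prints "ok", "crlf", "no-final-newline" or "crlf,no-final-newline".
check_line_endings() {
    f=$1
    result=""
    cr=$(printf '\r')
    # Any carriage return means the file was saved with DOS/Windows endings.
    if grep -q "$cr" "$f"; then
        result="crlf"
    fi
    # $(...) strips a trailing LF, so a non-empty result means the last
    # byte of the file is something other than a newline.
    if [ -s "$f" ] && [ -n "$(tail -c 1 "$f")" ]; then
        result="${result:+$result,}no-final-newline"
    fi
    echo "${result:-ok}"
}

# fix_line_endings FILE
# Strips carriage returns and terminates the last line. A backup is kept as
# FILE.bak with the original mode (cp -p); it holds the RADIUS shared
# secret, so delete it once the repaired file is confirmed to work.
fix_line_endings() {
    f=$1
    cp -p "$f" "$f.bak"
    tr -d '\r' < "$f.bak" > "$f"
    if [ -s "$f" ] && [ -n "$(tail -c 1 "$f")" ]; then
        printf '\n' >> "$f"
    fi
}

# Constructed sample: three CRLF lines, the third left unterminated.
sample=$(mktemp)
printf '# constructed sample\r\n# type host secret timeout tries\r\nauth 192.0.2.10:1812 EXAMPLE-SECRET 3 2' > "$sample"
check_line_endings "$sample"    # state before the repair
fix_line_endings "$sample"
check_line_endings "$sample"    # state after the repair
rm -f "$sample" "$sample.bak"
```
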



  • Anyone?

