ERROR Openvpn with freeradius
-
Hello,
I have a problem making an openvpn connection with freeradius authentication.
I follow this tutorial: http://www.pfsense.org/mirror.php?section=tutorials/openvpn/pfsense-ovpn.pdf
This is my logfile:
Sun Sep 21 10:31:37 2008 us=812000 OpenVPN 2.1_rc15 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Nov 19 2008
Sun Sep 21 10:31:37 2008 us=812000 WARNING: --ping should normally be used with --ping-restart or --ping-exit
Sun Sep 21 10:31:37 2008 us=812000 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sun Sep 21 10:31:37 2008 us=937000 LZO compression initialized
Sun Sep 21 10:31:37 2008 us=937000 Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ]
Sun Sep 21 10:31:37 2008 us=937000 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Sun Sep 21 10:31:37 2008 us=937000 Local Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Sun Sep 21 10:31:37 2008 us=937000 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Sun Sep 21 10:31:37 2008 us=937000 Local Options hash (VER=V4): '69109d17'
Sun Sep 21 10:31:37 2008 us=937000 Expected Remote Options hash (VER=V4): 'c0103fa8'
Sun Sep 21 10:31:37 2008 us=937000 Attempting to establish TCP connection with 192.168.xx.xx:1194
Sun Sep 21 10:31:58 2008 us=890000 TCP: connect to 192.168.xx.xx:1194 failed, will try again in 5 seconds: Connection timed out (WSAETIMEDOUT)
I hope that somebody can help me.
-
I assume this is the log of the client?
Did you make sure you opened the firewall?
I would not use TCP but UDP.
TCP over TCP is a bad idea and should only be used if there is absolutely no alternative.
-
Yes, this is the log file of the client.
Now I use UDP.
I opened the following ports:
1194 OpenVpn
1812 Radius
1190 to 1195.
All ports are tcp/udp
-
Is there somebody who can help me?
-
I missed that you want to get it going with FreeRADIUS.
Start here.
http://forum.pfsense.org/index.php/topic,4105.0.html
-
I follow that tutorial, I used udp. I get another error.
This is my client log:
Sun Oct 05 09:27:44 2008 OpenVPN 2.1_rc15 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Nov 19 2008
Sun Oct 05 09:27:44 2008 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sun Oct 05 09:27:45 2008 LZO compression initialized
Sun Oct 05 09:27:45 2008 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sun Oct 05 09:27:45 2008 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Sun Oct 05 09:27:45 2008 Local Options hash (VER=V4): '41690919'
Sun Oct 05 09:27:45 2008 Expected Remote Options hash (VER=V4): '530fdded'
Sun Oct 05 09:27:45 2008 Socket Buffers: R=[8192->8192] S=[8192->8192]
Sun Oct 05 09:27:45 2008 UDPv4 link local: [undef]
Sun Oct 05 09:27:45 2008 UDPv4 link remote: 192.168.xx.xx:1194
Sun Oct 05 09:28:45 2008 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sun Oct 05 09:28:45 2008 TLS Error: TLS handshake failed
Sun Oct 05 09:28:45 2008 TCP/UDP: Closing socket
Sun Oct 05 09:28:45 2008 SIGUSR1[soft,tls-error] received, process restarting
Sun Oct 05 09:28:45 2008 Restart pause, 2 second(s)
Sun Oct 05 09:28:47 2008 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sun Oct 05 09:28:47 2008 Re-using SSL/TLS context
Sun Oct 05 09:28:47 2008 LZO compression initialized
Sun Oct 05 09:28:47 2008 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sun Oct 05 09:28:47 2008 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Sun Oct 05 09:28:47 2008 Local Options hash (VER=V4): '41690919'
Sun Oct 05 09:28:47 2008 Expected Remote Options hash (VER=V4): '530fdded'
Sun Oct 05 09:28:47 2008 Socket Buffers: R=[8192->8192] S=[8192->8192]
Sun Oct 05 09:28:47 2008 UDPv4 link local: [undef]
Sun Oct 05 09:28:47 2008 UDPv4 link remote: 192.168.xx.xx:1194
Sun Oct 05 09:29:12 2008 TCP/UDP: Closing socket
Sun Oct 05 09:29:12 2008 SIGTERM[hard,] received, process exiting
-
Do you have somewhere along the path another router/firewall?
The client never can connect to the server which leads me to believe you have somewhere a firewall_configuration/port_forward problem.
-
But openvpn worked fine before I installed freeradius, so I think that there is something wrong with my freeradius.
Found something in my logs:
Mar 3 09:33:31 openvpn[36646]: PLUGIN_INIT: could not load plugin shared object /usr/local/lib/openvpn-auth-pam.so: Cannot open "/usr/local/lib/openvpn-auth-pam.so": Invalid argument (errno=22)
-
Ok this would make sense.
Since the plugin cannot be loaded you cannot connect because the server isn't even running.
I myself never actually authenticated against freeRADIUS with OpenVPN.
Maybe you'll find more information about what exactly this message means on the OpenVPN mailinglist/archive.
-
I have a new problem but I don't know how to fix it. This is my server log:
Mar 4 08:29:40 openvpn[366]: rad_config: /etc/radius.conf:3: missing newline
Mar 4 08:29:40 openvpn[375]: 192.168.222.x:1162 PLUGIN_CALL: plugin function PLUGIN_AUTH_USER_PASS_VERIFY failed with status 1: /usr/local/lib/openvpn-auth-pam.so
Mar 4 08:29:40 openvpn[375]: 192.168.222.x:1162 TLS Auth Error: Auth Username/Password verification failed for peer
Mar 4 08:29:40 openvpn[375]: 192.168.222.x:1162 [ovpn_client1] Peer Connection Initiated with 192.168.222.244:1162
-
Is there somebody who can help me to resolve this problem?
-
Maybe you'll find more information about what exactly this message means on the OpenVPN mailinglist/archive.
Since this is an OpenVPN problem and not strictly a pfSense problem :)
Edit: the "missing newline" message.
Did you create the config file on a Windows computer and then copy it to the pfSense?
Windows has different newline characters than unix systems.
Try to convert the file with fromdos.
(or use a different editor than notepad that doesn't fsk up :D )
-
Anyone?
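-
The line-ending check suggested above for the "/etc/radius.conf:3: missing newline" message, as an added example that is not part of the original thread: it tests a file for carriage returns and for an unterminated last line, then writes a cleaned copy. The function names and the sample file contents (address 192.0.2.10, placeholder secret) are constructed for illustration.

```shell
#!/bin/sh
# Added example: line-ending checks for a config file such as /etc/radius.conf.
CR=$(printf '\r')

# Succeeds if any line of FILE contains a carriage return (DOS/Windows CRLF).
has_cr() { grep -q "$CR" "$1"; }

# Succeeds if FILE is non-empty and its last byte is not a newline.
lacks_final_newline() {
    [ -s "$1" ] && [ "$(tail -c 1 "$1" | od -An -tx1 | tr -d ' \n')" != "0a" ]
}

# Prints the number of the unterminated last line (newline count + 1), or 0.
unterminated_line() {
    if lacks_final_newline "$1"; then
        echo $(( $(wc -l < "$1") + 1 ))
    else
        echo 0
    fi
}

# Writes a cleaned copy of SRC to DST: CRs removed, final newline ensured.
normalize_conf() {
    tr -d '\r' < "$1" > "$2" || return 1
    if lacks_final_newline "$2"; then printf '\n' >> "$2"; fi
}

# Constructed sample: three lines, CRLF endings, last line unterminated.
demo() {
    dir=$(mktemp -d "${TMPDIR:-/tmp}/radconf.XXXXXX") || return 1
    printf '# constructed sample\r\n# type server secret\r\nauth 192.0.2.10 EXAMPLE-SECRET' \
        > "$dir/radius.conf"
    has_cr "$dir/radius.conf" && echo "carriage returns present"
    echo "unterminated line: $(unterminated_line "$dir/radius.conf")"
    normalize_conf "$dir/radius.conf" "$dir/radius.conf.unix"
    echo "unterminated line after cleanup: $(unterminated_line "$dir/radius.conf.unix")"
    rm -rf "$dir"
}

demo
```

Because radius.conf holds the RADIUS shared secret, keep the cleaned copy readable by root only when it replaces the original.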