pfSense + OpenVPN + FreeRADIUS (can't get this working)



  • I'm new to this forum, so sorry if I'm doing something wrong. I'm an intern at a company and I got the project to make a pfSense with OpenVPN and FreeRADIUS authentication. After a day's work I got most of it working, I guess, but I'm stuck at a certain point.

    After following the how-tos:
    For FreeRADIUS I used this: http://www.fusionnetwork.us/index.php/component/content/article/15-general-tutorials/23-pfsense-openvpn-freeradius
    And for the beginning of setting up OpenVPN I used: http://doc.pfsense.org/index.php/VPN_Capability_OpenVPN
    After following these how-tos I'm coming to a point where I can't find the solution anymore. I tried Google and these forums but no success.

    So the error I'm getting is:

    Client's Side:

    Wed Nov 18 14:56:39 2009 OpenVPN 2.1_rc21 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Nov 12 2009
    Wed Nov 18 14:56:49 2009 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
    Wed Nov 18 14:56:49 2009 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
    Wed Nov 18 14:56:50 2009 LZO compression initialized
    Wed Nov 18 14:56:50 2009 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
    Wed Nov 18 14:56:50 2009 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
    Wed Nov 18 14:56:50 2009 Local Options hash (VER=V4): '41690919'
    Wed Nov 18 14:56:50 2009 Expected Remote Options hash (VER=V4): '530fdded'
    Wed Nov 18 14:56:50 2009 Socket Buffers: R=[8192->8192] S=[8192->8192]
    Wed Nov 18 14:56:50 2009 UDPv4 link local: [undef]
    Wed Nov 18 14:56:50 2009 UDPv4 link remote: 192.168.1.245:1194
    Wed Nov 18 14:56:50 2009 TLS: Initial packet from 192.168.1.245:1194, sid=0e26100b 9632d0fb
    Wed Nov 18 14:56:50 2009 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
    Wed Nov 18 14:56:50 2009 VERIFY OK: depth=1, /C=NL/ST=ZH/L=Rotterdam/O=Pfsense/CN=Pfsense-CA/emailAddress=stephanmom@gmail.com
    Wed Nov 18 14:56:50 2009 VERIFY OK: depth=0, /C=NL/ST=ZH/O=Pfsense/CN=ovpn_client1/emailAddress=stephanmom@gmail.com
    Wed Nov 18 14:56:52 2009 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Wed Nov 18 14:56:52 2009 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Wed Nov 18 14:56:52 2009 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Wed Nov 18 14:56:52 2009 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Wed Nov 18 14:56:52 2009 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
    Wed Nov 18 14:56:52 2009 [ovpn_client1] Peer Connection Initiated with 192.168.1.245:1194
    Wed Nov 18 14:56:54 2009 SENT CONTROL [ovpn_client1]: 'PUSH_REQUEST' (status=1)
    Wed Nov 18 14:56:54 2009 AUTH: Received AUTH_FAILED control message
    Wed Nov 18 14:56:54 2009 TCP/UDP: Closing socket
    Wed Nov 18 14:56:54 2009 SIGTERM[soft,auth-failure] received, process exiting
    Wed Nov 18 14:56:57 2009 OpenVPN 2.1_rc21 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Nov 12 2009

    Server's side:

    Nov 18 14:56:53 Firewall openvpn[1741]: 192.168.1.126:1271 Re-using SSL/TLS context
    Nov 18 14:56:53 Firewall openvpn[1741]: 192.168.1.126:1271 LZO compression initialized
    Nov 18 14:56:56 Firewall openvpn[1741]: 192.168.1.126:1271 PLUGIN_CALL: plugin function PLUGIN_AUTH_USER_PASS_VERIFY failed with status 1: /usr/local/lib/openvpn-auth-pam.so
    Nov 18 14:56:56 Firewall openvpn[1741]: 192.168.1.126:1271 TLS Auth Error: Auth Username/Password verification failed for peer
    Nov 18 14:56:56 Firewall openvpn[1741]: 192.168.1.126:1271 [ovpn_client1] Peer Connection Initiated with 192.168.1.126:1271

    If more information is needed, please let me know. I got OpenVPN working without FreeRADIUS, so I'm thinking it has something to do with the FreeRADIUS settings.

    Stephan



  • Follow this howto:
    http://doc.pfsense.org/index.php/Using_OpenVPN_With_FreeRADIUS

    (except replace the RADIUS server on pfSense with your own RADIUS server)
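
A small triage helper for the server-side log in the first post, as an added example that is not part of either post: it groups openvpn syslog lines by peer and reports which auth plugin rejected the username/password, and for which certificate CN. The function names and the second peer's log line are constructed for illustration.

```python
import re
from collections import defaultdict

# Server-side lines copied from the first post's log excerpt.
THREAD_LOG = """\
Nov 18 14:56:53 Firewall openvpn[1741]: 192.168.1.126:1271 Re-using SSL/TLS context
Nov 18 14:56:53 Firewall openvpn[1741]: 192.168.1.126:1271 LZO compression initialized
Nov 18 14:56:56 Firewall openvpn[1741]: 192.168.1.126:1271 PLUGIN_CALL: plugin function PLUGIN_AUTH_USER_PASS_VERIFY failed with status 1: /usr/local/lib/openvpn-auth-pam.so
Nov 18 14:56:56 Firewall openvpn[1741]: 192.168.1.126:1271 TLS Auth Error: Auth Username/Password verification failed for peer
Nov 18 14:56:56 Firewall openvpn[1741]: 192.168.1.126:1271 [ovpn_client1] Peer Connection Initiated with 192.168.1.126:1271
"""
# Constructed line (not from the thread): a second peer with no auth error.
CONSTRUCTED_OK = "Nov 18 14:57:10 Firewall openvpn[1741]: 192.168.1.130:1300 [ovpn_client2] Peer Connection Initiated with 192.168.1.130:1300\n"

LINE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ openvpn\[\d+\]: "
                  r"(?P<peer>\d+(?:\.\d+){3}:\d+) (?P<msg>.*)$")
PLUGIN_FAIL = re.compile(r"PLUGIN_CALL: plugin function (?P<hook>\S+) "
                         r"failed with status (?P<status>\d+): (?P<plugin>\S+)")
PEER_CN = re.compile(r"^\[(?P<cn>[^\]]+)\] Peer Connection Initiated")
USERPASS_REJECTED = "Auth Username/Password verification failed"

def triage(log_text):
    """Group openvpn syslog lines by peer and record where authentication stopped."""
    sessions = defaultdict(lambda: {"cn": None, "plugin_failures": [], "rejected": False})
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a per-peer openvpn line
        s, msg = sessions[m["peer"]], m["msg"]
        if (f := PLUGIN_FAIL.search(msg)):
            s["plugin_failures"].append((f["hook"], int(f["status"]), f["plugin"]))
        elif USERPASS_REJECTED in msg:
            s["rejected"] = True
        elif (c := PEER_CN.match(msg)):
            s["cn"] = c["cn"]  # certificate CN logged for this peer
    return dict(sessions)

def report(sessions):
    """One line per peer whose username/password check was rejected."""
    out = []
    for peer, s in sessions.items():
        if not s["rejected"]:
            continue
        where = ", ".join(f"{p} ({h} status {st})" for h, st, p in s["plugin_failures"]) or "unknown backend"
        out.append(f"{peer} cn={s['cn']}: username/password rejected by {where}")
    return out

if __name__ == "__main__":
    print("\n".join(report(triage(THREAD_LOG + CONSTRUCTED_OK))))
```

On the thread's log this reports a single rejected peer, with the certificate CN `ovpn_client1` and `/usr/local/lib/openvpn-auth-pam.so` as the plugin that returned the failure.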

