pfSense + OpenVPN + FreeRADIUS (can't get this working)
-
I'm new to this forum, so sorry if I'm doing something wrong. I'm an intern at a company and I got the project to make a pfSense with OpenVPN and FreeRADIUS authentication. After a day's work I got most of it working, I guess, but I'm stuck at a certain point.
After following the how-tos:
For FreeRADIUS I used this: http://www.fusionnetwork.us/index.php/component/content/article/15-general-tutorials/23-pfsense-openvpn-freeradius
And for the beginning of setting up OpenVPN I used: http://doc.pfsense.org/index.php/VPN_Capability_OpenVPN
After following these how-tos I'm coming to a point where I can't find the solution anymore. I tried Google and these forums but no success. So the error I'm getting is:
Client's side:
Wed Nov 18 14:56:39 2009 OpenVPN 2.1_rc21 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Nov 12 2009
Wed Nov 18 14:56:49 2009 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Wed Nov 18 14:56:49 2009 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Wed Nov 18 14:56:50 2009 LZO compression initialized
Wed Nov 18 14:56:50 2009 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Wed Nov 18 14:56:50 2009 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Nov 18 14:56:50 2009 Local Options hash (VER=V4): '41690919'
Wed Nov 18 14:56:50 2009 Expected Remote Options hash (VER=V4): '530fdded'
Wed Nov 18 14:56:50 2009 Socket Buffers: R=[8192->8192] S=[8192->8192]
Wed Nov 18 14:56:50 2009 UDPv4 link local: [undef]
Wed Nov 18 14:56:50 2009 UDPv4 link remote: 192.168.1.245:1194
Wed Nov 18 14:56:50 2009 TLS: Initial packet from 192.168.1.245:1194, sid=0e26100b 9632d0fb
Wed Nov 18 14:56:50 2009 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Wed Nov 18 14:56:50 2009 VERIFY OK: depth=1, /C=NL/ST=ZH/L=Rotterdam/O=Pfsense/CN=Pfsense-CA/emailAddress=stephanmom@gmail.com
Wed Nov 18 14:56:50 2009 VERIFY OK: depth=0, /C=NL/ST=ZH/O=Pfsense/CN=ovpn_client1/emailAddress=stephanmom@gmail.com
Wed Nov 18 14:56:52 2009 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Nov 18 14:56:52 2009 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Nov 18 14:56:52 2009 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Nov 18 14:56:52 2009 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Nov 18 14:56:52 2009 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Wed Nov 18 14:56:52 2009 [ovpn_client1] Peer Connection Initiated with 192.168.1.245:1194
Wed Nov 18 14:56:54 2009 SENT CONTROL [ovpn_client1]: 'PUSH_REQUEST' (status=1)
Wed Nov 18 14:56:54 2009 AUTH: Received AUTH_FAILED control message
Wed Nov 18 14:56:54 2009 TCP/UDP: Closing socket
Wed Nov 18 14:56:54 2009 SIGTERM[soft,auth-failure] received, process exiting
Wed Nov 18 14:56:57 2009 OpenVPN 2.1_rc21 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Nov 12 2009
Server's side:
Nov 18 14:56:53 Firewall openvpn[1741]: 192.168.1.126:1271 Re-using SSL/TLS context
Nov 18 14:56:53 Firewall openvpn[1741]: 192.168.1.126:1271 LZO compression initialized
Nov 18 14:56:56 Firewall openvpn[1741]: 192.168.1.126:1271 PLUGIN_CALL: plugin function PLUGIN_AUTH_USER_PASS_VERIFY failed with status 1: /usr/local/lib/openvpn-auth-pam.so
Nov 18 14:56:56 Firewall openvpn[1741]: 192.168.1.126:1271 TLS Auth Error: Auth Username/Password verification failed for peer
Nov 18 14:56:56 Firewall openvpn[1741]: 192.168.1.126:1271 [ovpn_client1] Peer Connection Initiated with 192.168.1.126:1271
If more information is needed, please let me know. I got OpenVPN working without FreeRADIUS, so I'm thinking it has something to do with FreeRADIUS settings.
Stephan
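Added example (not part of the original post, and not pfSense or OpenVPN code): a small Python triage of the server-side lines above, grouped by peer, showing that the peer connection is logged as initiated while the username/password check fails inside the named plugin. The function names `triage` and `summary` and the last sample line (peer 192.0.2.10) are constructed for illustration.

```python
import re

# Server-side lines copied from the post above; the last line is constructed
# (assumed second peer) to show a connection with no plugin failure.
SAMPLE = """\
Nov 18 14:56:53 Firewall openvpn[1741]: 192.168.1.126:1271 Re-using SSL/TLS context
Nov 18 14:56:56 Firewall openvpn[1741]: 192.168.1.126:1271 PLUGIN_CALL: plugin function PLUGIN_AUTH_USER_PASS_VERIFY failed with status 1: /usr/local/lib/openvpn-auth-pam.so
Nov 18 14:56:56 Firewall openvpn[1741]: 192.168.1.126:1271 TLS Auth Error: Auth Username/Password verification failed for peer
Nov 18 14:56:56 Firewall openvpn[1741]: 192.168.1.126:1271 [ovpn_client1] Peer Connection Initiated with 192.168.1.126:1271
Nov 18 14:57:10 Firewall openvpn[1741]: 192.0.2.10:40000 [ovpn_client2] Peer Connection Initiated with 192.0.2.10:40000
""".splitlines()

LINE = re.compile(r"openvpn\[\d+\]: (?P<peer>\d+\.\d+\.\d+\.\d+:\d+) (?P<msg>.*)$")
PLUGIN = re.compile(r"PLUGIN_CALL: plugin function (?P<hook>\w+) failed "
                    r"with status (?P<status>\d+): (?P<path>\S+)")
INITIATED = re.compile(r"\[(?P<cn>[^\]]+)\] Peer Connection Initiated")

def triage(lines):
    """Group server log lines by peer and record which stage failed."""
    peers = {}
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue  # not an OpenVPN per-peer line
        rec = peers.setdefault(m["peer"], {
            "cn": None, "peer_initiated": False, "userpass_failed": False,
            "plugin": None, "hook": None, "status": None})
        msg = m["msg"]
        if (p := PLUGIN.match(msg)):
            rec.update(plugin=p["path"], hook=p["hook"], status=int(p["status"]))
        elif "Auth Username/Password verification failed" in msg:
            rec["userpass_failed"] = True
        elif (t := INITIATED.match(msg)):
            rec.update(cn=t["cn"], peer_initiated=True)
    return peers

def summary(rec):
    """One-line verdict for a peer record produced by triage()."""
    if rec["userpass_failed"]:
        return (f"{rec['cn']}: connection initiated={rec['peer_initiated']}, "
                f"username/password rejected by {rec['plugin']} "
                f"({rec['hook']}, status {rec['status']})")
    return f"{rec['cn']}: no username/password failure logged"

if __name__ == "__main__":
    for peer, rec in triage(SAMPLE).items():
        print(peer, "->", summary(rec))
```

The plugin path in the output names the module that actually handled the username/password check, which is the first thing to compare against the authentication backend the server was meant to use.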
-
Follow this howto:
http://doc.pfsense.org/index.php/Using_OpenVPN_With_FreeRADIUS (except replace the RADIUS server on pfSense with your own RADIUS server)