OpenVPN RADIUS Problem
I've been experiencing issues trying to get OpenVPN to work with my local RADIUS server for authentication. Under backend for authentication I have both my RADIUS server/database and Local Database selected.
Remotely, I can connect using local users in the user manager in pfSense just fine / without issue.
Likewise, in pfSense under Diagnostics / Authentication, I can connect to users on my RADIUS server just fine:
User: vpntest authenticated successfully. This user is a member of these groups:
However, if I try to use the very same credentials in OpenVPN, OpenVPN will spit out the following error:
Fri Jul 22 17:05:06 2011 OpenVPN 2.2.0 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] [IPv6 payload 20110521-1 (2.2.0)] built on May 21 2011 Fri Jul 22 17:05:10 2011 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port. Fri Jul 22 17:05:10 2011 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info. Fri Jul 22 17:05:10 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables Fri Jul 22 17:05:10 2011 LZO compression initialized Fri Jul 22 17:05:10 2011 UDPv4 link local (bound): [undef]:1194 Fri Jul 22 17:05:10 2011 UDPv4 link remote: [myserveripaddress]:1194 Fri Jul 22 17:05:10 2011 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this Fri Jul 22 17:05:11 2011 [internal-ca] Peer Connection Initiated with [myserveripaddress]:1194 Fri Jul 22 17:05:13 2011 AUTH: Received AUTH_FAILED control message Fri Jul 22 17:05:13 2011 SIGUSR1[soft,auth-failure] received, process restarting
In pfSense under the OpenVPN system logs:
Jul 22 17:15:04 openvpn: user vpntest could not authenticate. Jul 22 17:15:04 openvpn: [myclientipaddress]:56389 WARNING: Failed running command (--auth-user-pass-verify): external program exited with error status: 255 Jul 22 17:15:04 openvpn: [myclientipaddress]:56389 TLS Auth Error: Auth Username/Password verification failed for peer Jul 22 17:15:04 openvpn: [myclientipaddress]:56389  Peer Connection Initiated with [AF_INET][myclientipaddress]:56389
I'm using the default firewall rules for OpenVPN under WAN and LAN created by the OpenVPN wizard. I can't understand how pfSense can connect to my RADIUS server, but when I use OpenVPN it can't… I'm about to pull what's left of my hair out. :-\
I've searched and searched online but couldn't find anybody else in a similar predicament. I'm running the latest pfSense 2 snapshot, and the install / setup is only a week or so old (and I'm new to pfSense in general).
Any wisdom would be very much appreciated!!
This may be a configuration issue with the Internet Authentication Service on my Windows 2003 Server. If anyone out there has this working with pfsense 2 rc3 and Win Server2003 IAS please let me know, a screenshot of your settings would be very helpful.