Problems with IPsec VPN with RADIUS authentication
I'm trying to set up pfSense for VPN using an external FreeRADIUS server. The problem I am having is that when RADIUS rejects the user, pfSense still allows the inbound VPN connection to get established.
Here is an excerpt from the pfSense log:
Dec 5 12:57:36 charon: 04[MGR] IKE_SA con1 successfully checked out
Dec 5 12:57:37 charon: user 'fred' could not authenticate.
Dec 5 12:57:37 charon: 04[IKE] <con1|38>XAuth-SCRIPT succeeded for user 'fred'.
Dec 5 12:57:37 charon: 04[IKE] XAuth-SCRIPT succeeded for user 'fred'.
And a line from RADIUS:
(1) Sent Access-Reject Id 191 from 192.168.3.145:1812 to 192.168.3.158:57087 length 20
I am using the latest version of pfSense 2.2 beta as well as the latest beta of FreeRADIUS…
A fix was pushed for this that will come with new snaps and RC.
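A way to check a charon log for the symptom shown in the question (a failed authentication followed by an XAuth success for the same user), added here as an example and not taken from the thread or from pfSense. The regular expressions assume the message wording seen in the excerpt above; the function name, the 5-second window, the placeholder year and the 'alice' and 'bob' lines are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Patterns modelled on the charon messages quoted in the thread (assumed stable wording).
LINE = re.compile(r"^(\w{3}\s+\d{1,2}\s+\d\d:\d\d:\d\d)\s+charon:\s+(.*)$")
FAIL = re.compile(r"user '([^']+)' could not authenticate")
OK = re.compile(r"XAuth-\S+ succeeded for user '([^']+)'")

def find_auth_bypass(lines, window=timedelta(seconds=5), year=2000):
    """Return (user, failed_at, succeeded_at) for each failure that is
    followed by an XAuth success for the same user within `window`.
    Syslog lines carry no year, so `year` is only a placeholder."""
    pending = {}    # user -> time of the most recent unresolved failure
    findings = []
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        msg = m.group(2)
        if (f := FAIL.search(msg)):
            pending[f.group(1)] = when
        elif (s := OK.search(msg)):
            # pop() so a duplicated success line is reported only once
            failed_at = pending.pop(s.group(1), None)
            if failed_at is not None and timedelta(0) <= when - failed_at <= window:
                findings.append((s.group(1), failed_at, when))
    return findings

# First four lines are the excerpt from the question; the rest are constructed.
SAMPLE = """\
Dec 5 12:57:36 charon: 04[MGR] IKE_SA con1 successfully checked out
Dec 5 12:57:37 charon: user 'fred' could not authenticate.
Dec 5 12:57:37 charon: 04[IKE] <con1|38>XAuth-SCRIPT succeeded for user 'fred'.
Dec 5 12:57:37 charon: 04[IKE] XAuth-SCRIPT succeeded for user 'fred'.
Dec 5 13:02:10 charon: 07[IKE] XAuth-SCRIPT succeeded for user 'alice'.
Dec 5 13:05:00 charon: user 'bob' could not authenticate.
Dec 5 13:15:00 charon: 09[IKE] XAuth-SCRIPT succeeded for user 'bob'.
""".splitlines()

if __name__ == "__main__":
    for user, failed_at, ok_at in find_auth_bypass(SAMPLE):
        print(f"{user}: rejected at {failed_at:%H:%M:%S}, XAuth success at {ok_at:%H:%M:%S}")
```

Run against a saved copy of the IPsec log, any hit means a tunnel came up for a user whose authentication had just failed; an empty result after moving to a snapshot with the fix is the expected outcome.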