Problems with ipsec vpn with radius authentication

pax · Dec 5, 2014, 6:02 PM

Greetings,

I'm trying to set up pfSense for VPN using an external freeRadius server. The problem I am having is that when Radius Rejects the user, pfSense still allows the inbound vpn connection to get established.

Here is an excerpt from the pfSense log:
Dec 5 12:57:36 charon: 04[MGR] IKE_SA con1[38] successfully checked out
Dec 5 12:57:37 charon: user 'fred' could not authenticate.
Dec 5 12:57:37 charon: 04[IKE] <con1|38>XAuth-SCRIPT succeeded for user 'fred'.
Dec 5 12:57:37 charon: 04[IKE] XAuth-SCRIPT succeeded for user 'fred'.

And a line from Radius:
(1) Sent Access-Reject Id 191 from 192.168.3.145:1812 to 192.168.3.158:57087 length 20

I am using the latest version of pfSense 2.2 beta as well as the latest beta of freeradius…

Thank,
Pax.</con1|38>

eri-- · Dec 5, 2014, 6:54 PM

A fix was pushed for this that will come with new snaps and RC.

pax · Dec 5, 2014, 7:36 PM

Great. Thanks!!