disable radius accounting on openvpn server

Scripts which allow the use of special authentication methods (LDAP, AD, MySQL/PostgreSQL, etc).
Post Reply
lanopop123
OpenVpn Newbie
Posts: 1
Joined: Fri Jan 29, 2021 6:36 pm

disable radius accounting on openvpn server

Post by lanopop123 » Fri Jan 29, 2021 6:52 pm

Hello there,

i am trying to connect our openvpn server to a radius server (jumpcloud.com) and for this to work it seems as if i need to disable the radius accounting, because jumpcloud does not support this at this moment.

Can somebody please tell me how i could disable it?

Here is the radius configuration i am currently using on ubuntu 20.04. with the openvpn-auth-radius plugin installed

Code: Select all

NAS-Identifier=OpenVPN
Service-Type=5
Framed-Protocol=1
NAS-Port-Type=5
NAS-IP-Address=127.0.0.1
OpenVPNConfig=/etc/openvpn/server.conf
#subnet=255.255.255.0
overwriteccfiles=false
useauthcontrolfile=false
 
server
{
    authport=1812
    #acctport=1813
    name=123.123.123.123
    retry=1
    wait=1
    sharedsecret=xxx
}
In the Logs the error looks something like this

Code: Select all

Jan 26 14:40:58 server openvpn[7179]: 10.0.2.15:37758 TLS: Initial packet from [AF_INET]10.0.2.15:37758, sid=bf69692c 8e3705cb
Jan 26 14:40:58 server openvpn[7179]: 10.0.2.15:37758 peer info: IV_VER=2.4.7
Jan 26 14:40:58 server openvpn[7179]: 10.0.2.15:37758 peer info: IV_PLAT=linux
Jan 26 14:40:58 server openvpn[7179]: 10.0.2.15:37758 peer info: IV_PROTO=2
Jan 26 14:40:58 server openvpn[7179]: 10.0.2.15:37758 peer info: IV_NCP=2
Jan 26 14:40:58 server openvpn[7179]: 10.0.2.15:37758 peer info: IV_LZ4=1
Jan 26 14:40:58 server openvpn[7179]: 10.0.2.15:37758 peer info: IV_LZ4v2=1
Jan 26 14:40:58 server openvpn[7179]: 10.0.2.15:37758 peer info: IV_LZO=1
Jan 26 14:40:58 server openvpn[7179]: 10.0.2.15:37758 peer info: IV_COMP_STUB=1
Jan 26 14:40:58 server openvpn[7179]: 10.0.2.15:37758 peer info: IV_COMP_STUBv2=1
Jan 26 14:40:58 server openvpn[7179]: 10.0.2.15:37758 peer info: IV_TCPNL=1
Jan 26 14:40:58 server openvpn[7179]: Tue Jan 26 14:40:58 2021 RADIUS-PLUGIN: FOREGROUND THREAD: Auth_user_pass_verify thread started.
Jan 26 14:40:58 server openvpn[7179]: Tue Jan 26 14:40:58 2021 RADIUS-PLUGIN: FOREGROUND THREAD: New user.
Jan 26 14:40:58 server openvpn[7179]: Libgcrypt warning: missing initialization - please fix the application
Jan 26 14:40:58 server openvpn[7186]: Tue Jan 26 14:40:58 2021 RADIUS-PLUGIN: No attributes Acct Interim Interval or bad length.
Jan 26 14:40:58 server openvpn[7186]: Tue Jan 26 14:40:58 2021 RADIUS-PLUGIN: Client config file was not written, overwriteccfiles is false
Jan 26 14:40:58 server openvpn[7186]: .
Jan 26 14:40:58 server openvpn[7179]: Tue Jan 26 14:40:58 2021 RADIUS-PLUGIN: FOREGROUND THREAD: Add user to map.
Jan 26 14:40:58 server openvpn[7179]: 10.0.2.15:37758 PLUGIN_CALL: POST /usr/lib/openvpn/radiusplugin.so/PLUGIN_AUTH_USER_PASS_VERIFY status=0
Jan 26 14:40:58 server openvpn[7179]: 10.0.2.15:37758 TLS: Username/Password authentication succeeded for username 'user1' [CN SET]
Jan 26 14:40:58 server openvpn[7179]: 10.0.2.15:37758 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1541', remote='link-mtu 1549'
Jan 26 14:40:58 server openvpn[7179]: 10.0.2.15:37758 WARNING: 'cipher' is used inconsistently, local='cipher BF-CBC', remote='cipher AES-256-GCM'
Jan 26 14:40:58 server openvpn[7179]: 10.0.2.15:37758 WARNING: 'auth' is used inconsistently, local='auth SHA1', remote='auth [null-digest]'
Jan 26 14:40:58 server openvpn[7179]: 10.0.2.15:37758 WARNING: 'keysize' is used inconsistently, local='keysize 128', remote='keysize 256'
Jan 26 14:40:58 server openvpn[7179]: 10.0.2.15:37758 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384
Jan 26 14:40:58 server openvpn[7179]: 10.0.2.15:37758 [user1] Peer Connection Initiated with [AF_INET]10.0.2.15:37758
Jan 26 14:40:58 server openvpn[7179]: user1/10.0.2.15:37758 MULTI_sva: pool returned IPv4=10.8.0.10, IPv6=(Not enabled)
Jan 26 14:40:59 server openvpn[7187]: Tue Jan 26 14:40:59 2021 RADIUS-PLUGIN: BACKGROUND ACCT: Error: Start packet couldn't send.
Jan 26 14:40:59 server openvpn[7187]: !
Jan 26 14:40:59 server openvpn[7179]: Tue Jan 26 14:40:59 2021 Error: RADIUS-PLUGIN: FOREGROUND: Accounting failed for user:user1!
Jan 26 14:40:59 server openvpn[7179]: user1/10.0.2.15:37758 PLUGIN_CALL: POST /usr/lib/openvpn/radiusplugin.so/PLUGIN_CLIENT_CONNECT status=1
Jan 26 14:40:59 server openvpn[7179]: user1/10.0.2.15:37758 PLUGIN_CALL: plugin function PLUGIN_CLIENT_CONNECT failed with status 1: /usr/lib/openvpn/radiusplugin.so
Jan 26 14:40:59 server openvpn[7179]: user1/10.0.2.15:37758 WARNING: client-connect plugin call failed
Jan 26 14:40:59 server openvpn[7179]: user1/10.0.2.15:37758 PUSH: Received control message: 'PUSH_REQUEST'
Jan 26 14:40:59 server openvpn[7179]: user1/10.0.2.15:37758 Delayed exit in 5 seconds
Jan 26 14:40:59 server openvpn[7179]: user1/10.0.2.15:37758 SENT CONTROL [user1]: 'AUTH_FAILED' (status=1)
Jan 26 14:41:04 server openvpn[7179]: user1/10.0.2.15:37758 SIGTERM[soft,delayed-exit] received, client-instance exiting
additionally i am searching for a way on how to tell my openvpn server to use EAP-TTLS/PAP and not just PAP for the radius connection.

Any help is greatly appreciated

Post Reply