I'm trying to set up OpenVPN to authenticate off of RADIUS but am running into some problems with OpenVPN's handling of the password. OpenVPN adds "SCRV1:" to the front of the password, base64 encodes the password, and attaches what looks to be some sort of challenge response to the password field as it's passed in the environment.
I can't for the life of me figure out if this is a setting in OpenVPN or just a bug. When I run the radiusplugin manually with the test env variables, it authenticates properly.
server.conf
[code]
local x.x.x.x
port 1194
proto tcp
# Which device
dev tun
user root
group root
persist-tun
persist-key
server 10.0.1.0 255.255.255.0
management 127.0.0.1 7505
#auth-user-pass-verify /etc/openvpn/auth-pam.pl via-env
username-as-common-name
client-cert-not-required
client-config-dir /etc/openvpn/ccd
client-to-client
push "redirect-gateway 206.217.193.166"
push "dhcp-option DOMAIN wizardvpn.com"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
ping-timer-rem
keepalive 10 60
# Use compression
#comp-lzo
#tls-server
#tls-auth /etc/openvpn/ssl/ta.key 0
dh /etc/openvpn/ssl/dh1024.pem
cert /etc/openvpn/ssl/server.crt
key /etc/openvpn/ssl/server.key
ca /etc/openvpn/ssl/ca.crt
verb 9
mute 20
topology net30
status /var/log/openvpn/status.log 1
log /var/log/openvpn/radiusvpn.log
#cipher BF-CBC
#auth SHA1
duplicate-cn
plugin /etc/openvpn/plugins/radiusplugin.so /etc/openvpn/radiusplugin.cnf
script-security 3
[/code]
Packet Received by Radius
[code]
Received Access-Request Id 129 from x.x.x.x:55984 to x.x.x.x:1812 length 90
User-Name = 'username'
User-Password = 'SCRV1:dGVzdA==:Tm9uZQ=='
NAS-IP-Address = 206.217.193.166
NAS-Port = 1
Service-Type = Outbound-User
Calling-Station-Id = 'x.x.x.x'
NAS-Identifier = 'OpenVpn'
NAS-Port-Type = Virtual
[/code]
What am I missing?
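The password layout described in the post (an `SCRV1:` prefix, the base64 password, then a base64 response) matches the encoding OpenVPN documents for static challenge/response. The following is an added example, not code from the post or from radiusplugin: a Python helper that unwraps the field before it is handed to an authentication backend; the function and class names are hypothetical.

```python
import base64
import binascii
from typing import Mapping, NamedTuple, Optional

PREFIX = "SCRV1:"


class Credentials(NamedTuple):
    password: str
    response: Optional[str]  # None when the field was not SCRV1-wrapped


def _b64(field: str) -> str:
    # validate=True rejects stray characters instead of silently skipping them
    return base64.b64decode(field, validate=True).decode("utf-8")


def unwrap_password(raw: str) -> Credentials:
    """Split 'SCRV1:<b64 password>:<b64 response>' into its two parts.

    Anything that does not match that layout exactly is returned unchanged,
    so a plain password that merely starts with 'SCRV1:' still reaches the
    backend as typed.
    """
    if not raw.startswith(PREFIX):
        return Credentials(raw, None)
    parts = raw[len(PREFIX):].split(":")
    if len(parts) != 2:
        return Credentials(raw, None)
    try:
        return Credentials(_b64(parts[0]), _b64(parts[1]))
    except (binascii.Error, UnicodeDecodeError):
        return Credentials(raw, None)


def credentials_from_env(env: Mapping[str, str]) -> Credentials:
    # via-env verification scripts receive the field in the 'password' variable
    return unwrap_password(env.get("password", ""))


if __name__ == "__main__":
    # Value copied from the Access-Request shown in the post
    sample = {"username": "username", "password": "SCRV1:dGVzdA==:Tm9uZQ=="}
    creds = credentials_from_env(sample)
    print(repr(creds.password), repr(creds.response))
```
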