At this moment I enabled radius authentication in server.conf:
server
plugin /usr/local/etc/openvpn/radiusplugin.so /usr/local/etc/openvpn/radiusplugin.cnf
and in client.conf:
auth-user-pass
Everything works perfectly but I want to get rid of the need for client.crt and client.key on client side. If I add in server.conf:
server
verify-client-cert none
username-as-common-name
username-as-common-name
OpenVPN server (2.5.0) just stops requesting radius server (which is running in debug mode - I can see that there are no requests from openvpn server). In openvpn log I can see this:
server
PLUGIN_CALL: plugin function PLUGIN_AUTH_USER_PASS_VERIFY failed with status 1: /usr/local/etc/openvpn/radiusplugin.so
TLS Auth Error: Auth Username/Password verification failed for peer
TLS Auth Error: Auth Username/Password verification failed for peer
Is it possible to combine radius authentication with non-using of client certificate/key?