How to enable radius authentication without client certificate?

[kapunov81]

Hi everyone!
At this moment I enabled radius authentication in server.conf:

View Originalserver

plugin /usr/local/etc/openvpn/radiusplugin.so /usr/local/etc/openvpn/radiusplugin.cnf

and in client.conf:
auth-user-pass
Everything works perfectly but I want to get rid of the need for client.crt and client.key on client side. If I add in server.conf:

View Originalserver

verify-client-cert none
username-as-common-name

OpenVPN server (2.5.0) just stops requesting radius server (which is running in debug mode - I can see that there are no requests from openvpn server). In openvpn log I can see this:

View Originalserver

PLUGIN_CALL: plugin function PLUGIN_AUTH_USER_PASS_VERIFY failed with status 1: /usr/local/etc/openvpn/radiusplugin.so
TLS Auth Error: Auth Username/Password verification failed for peer

Is it possible to combine radius authentication with non-using of client certificate/key?

[TinCanTech]

There is a section in The Howto which describes exactly what you need.

[kapunov81]

Well, I found the source of my problem.
Radiusplugin searches in server.conf option "client-cert-not-required", but in OpenVpn 2.5 this option was changed on "verify-client-cert". I had to make a fake server.conf.alt for the radiusplugin with that required option "client-cert-not-required".