hey there
i got a problem that i cant handle it, just i wanna know should i do something ( for example installing plugin or ... ) on openvpn-as to get works with IBSng ?
-installed openvpn-as (2.10.2) on CentOS 7, 64bits via repository
-Installed IBSng (free version - installation guide is here) on the same server
-ras and other configs for accounting done
-radius auth turned on
but cant login the user pannel with IBSng users
appreciated for any help
thanks so much
openvpn-as(2.10.2) and Radius with IBSng issue
-
- OpenVpn Newbie
- Posts: 2
- Joined: Thu Apr 28, 2022 7:38 am
- openvpn_inc
- OpenVPN Inc.
- Posts: 1333
- Joined: Tue Feb 16, 2021 10:41 am
Re: openvpn-as(2.10.2) and Radius with IBSng issue
Hi d4,
I am not sure how this is supposed to be used in Access Server? Configuration settings are kept in sqlite3 databases, or mysql for a cluster. We don't have PostgreSQL support (sadly. I would like to see that or a database abstraction layer in Access Server.) Is this a RADIUS frontend?
I would also have some concern about this software, because rather than making it work with SELinux, they require "setenforce 0". Definitely a bad sign.
These links might help with your RADIUS setup and testing:
Troubleshooting authentication related problems
Authentication options and command line configuration
regards, rob0
I am not sure how this is supposed to be used in Access Server? Configuration settings are kept in sqlite3 databases, or mysql for a cluster. We don't have PostgreSQL support (sadly. I would like to see that or a database abstraction layer in Access Server.) Is this a RADIUS frontend?
I would also have some concern about this software, because rather than making it work with SELinux, they require "setenforce 0". Definitely a bad sign.
These links might help with your RADIUS setup and testing:
Troubleshooting authentication related problems
Authentication options and command line configuration
regards, rob0
OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support
-
- OpenVPN Power User
- Posts: 156
- Joined: Thu Mar 28, 2013 8:31 am
Re: openvpn-as(2.10.2) and Radius with IBSng issue
It looks like IBSng is not being maintained anymore. The link you provided was for a package last updated in 2012. The radius server itself is implemented in Python version 2. That version was discontinued by the Python Software Foundation at the beginning of 2020. While Red Hat may continue to back-port security fixes to the core of Python, IBSng may make use of additional third-party Python modules that are also no longer being maintained for python v2. From an on-going security perspective this situation seems like a bad idea.
For troubleshooting purposes, it would be helpful to know which RADIUS authentication methods you have tired (MS-CHAP v2, CHAP or PAP). Have all three failed to work? Does IBSng produce any log messages? Or OpenVPN Access Server log messages?
Other things you can do to troubleshoot:
Wireshark / tshark can capture and decode the RADIUS packets to give indications of what took place.
FreeRADIUS package for CentOS provides a radtest client to make it easier to confirm a RADIUS server is working correctly.
You can also try using pam_radius to perform the authentication instead of having OpenVPN AS perform RADIUS directly.
For troubleshooting purposes, it would be helpful to know which RADIUS authentication methods you have tired (MS-CHAP v2, CHAP or PAP). Have all three failed to work? Does IBSng produce any log messages? Or OpenVPN Access Server log messages?
Other things you can do to troubleshoot:
Wireshark / tshark can capture and decode the RADIUS packets to give indications of what took place.
FreeRADIUS package for CentOS provides a radtest client to make it easier to confirm a RADIUS server is working correctly.
You can also try using pam_radius to perform the authentication instead of having OpenVPN AS perform RADIUS directly.
-
- OpenVpn Newbie
- Posts: 2
- Joined: Thu Apr 28, 2022 7:38 am
Re: openvpn-as(2.10.2) and Radius with IBSng issue
i checked that by comunity version and that works like charm with freeradiusplugin, but on access server version not works , ( and i checked by some radius server test softwares and that was okay ) gonna check it again by access server
and youre right the free version was not maintained anymore but the paid version was renamed to local .... (cant remember the exact name ) but i checked the patch notes ) the base are the same just some new options added
and youre right the free version was not maintained anymore but the paid version was renamed to local .... (cant remember the exact name ) but i checked the patch notes ) the base are the same just some new options added