OpenVPN with remote RADIUS authentication issue

Scripts which allow the use of special authentication methods (LDAP, AD, MySQL/PostgreSQL, etc).

Moderators: TinCanTech

vpn-troubleshooting
OpenVpn Newbie
Posts: 3
Joined: Mon Aug 15, 2022 5:07 pm

OpenVPN with remote RADIUS authentication issue

Post by vpn-troubleshooting » Mon Aug 15, 2022 5:32 pm

I have configured OpenVPN Community Edition with remote RADIUS authentication, but when the Windows system enters the user name and password, it is passing an encrypted one. How can I fix this issue? Does anyone have an idea?
Server config:
======
dev tun0
proto udp
port 1549
keepalive 10 120
ca ca.crt
cert Server-01.crt
key Server-01.key
dh dh.pem
reneg-sec 0
cipher AES-256-GCM
tun-mtu 1468
tun-mtu-extra 32
mssfix 1400
crl-verify crl.pem
username-as-common-name
client-cert-not-required
user nobody
group nobody
server 172.31.100.0 255.255.255.0
topology subnet
ifconfig-pool-persist ipp.txt
persist-key
persist-tun


# DHCP Push options force all traffic through VPN and sets DNS servers
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"

# Logging
log-append /var/log/openvpn.log
verb 7
plugin /etc/openvpn/openvpn-auth-radius-master/radiusplugin.so /etc/openvpn/radius/radiusplugin.cnf login


=====
server log
=====
Mon Aug 15 18:10:28 2022 RADIUS-PLUGIN: FOREGROUND: OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY is called.
Mon Aug 15 18:10:28 2022 Mon Aug 15 18:10:28 2022 RADIUS-PLUGIN: FOREGROUND THREAD: Auth_user_pass_verify thread started.
RADIUS-PLUGIN: FOREGROUND: Commonname set to Username
Mon Aug 15 18:10:28 2022 RADIUS-PLUGIN: FOREGROUND THREAD: Waiting for new user.
Mon Aug 15 18:10:28 2022 RADIUS-PLUGIN: FOREGROUND: Key: 103.239.55.99:50771.
Mon Aug 15 18:10:28 2022 RADIUS-PLUGIN: FOREGROUND THREAD: New user from OpenVPN!
Mon Aug 15 18:10:28 2022 RADIUS-PLUGIN: FOREGROUND THREAD: New user.
Mon Aug 15 18:10:28 2022 RADIUS-PLUGIN: FOREGROUND THREAD: New user: username: test1, password: *****, newuser ip: 1103.239.55.99, newuser port: 50771 .
Mon Aug 15 18:10:28 2022 RADIUS-PLUGIN: BACKGROUND AUTH: New user auth: username: test1, password: *****, calling station: 1103.239.55.99, commonname: toufik.
Mon Aug 15 18:10:28 2022 RADIUS-PLUGIN: radius_server().
Mon Aug 15 18:10:28 2022 RADIUS-PLUGIN: Build password packet: password: *****, sharedSecret: *****.
Mon Aug 15 18:10:28 2022 RADIUS-PLUGIN: Send packet to 154.205.45.178.
Mon Aug 15 18:10:29 2022 RADIUS-PLUGIN: Got no response from radius server.
Mon Aug 15 18:10:29 2022 RADIUS-PLUGIN: FOREGROUND THREAD: Error receiving auth confirmation from background process.
Mon Aug 15 18:10:29 2022 RADIUS-PLUGIN: FOREGROUND THREAD: Waiting for new user.
Mon Aug 15 18:10:29 2022 Error: RADIUS-PLUGIN: BACKGROUND AUTH: Auth failed!.

Mon Aug 15 18:10:29 2022 us=327757 103.239.255.36:50771 PLUGIN_CALL: POST /etc/openvpn/openvpn-auth-radius-master/radiusplugin.so/PLUGIN_AUTH_USER_PASS_VERIFY status=1
Mon Aug 15 18:10:29 2022 us=327831 103.239.255.36:50771 PLUGIN_CALL: plugin function PLUGIN_AUTH_USER_PASS_VERIFY failed with status 1: /etc/openvpn/openvpn-auth-radius-master/radiusplugin.so
Mon Aug 15 18:10:29 2022 us=328552 103.239.255.36:50771 TLS Auth Error: Auth Username/Password verification failed for peer
Mon Aug 15 18:10:29 2022 us=328673 103.239.255.36:50771 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1549', remote='link-mtu 1550'
Mon Aug 15 18:10:29 2022 us=328724 103.239.255.36:50771 WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
Mon Aug 15 18:10:29 2022 us=329181 MULTI: REAP range 64 -> 8


Radius server log:
===========
Mon Aug 15 10:20:27 2022 : Auth: (0) Login incorrect (pap: Cleartext password does not match "known good" password): [test1/?}?w`???g??t6G??] (from client private-network-1 port 1 cli 1103.239.55.99)

** RADIUS user password is in clear-text format
** Looks like the VPN is sending an encrypted password to the RADIUS server.

** OpenVPN version: 2.4.12
** RADIUS client plugin source: https://github.com/brainly/openvpn-auth-radius
** VPN server is CentOS 7
** RADIUS server is FreeRADIUS
** VPN client: Windows 10

Can someone help to fix this

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: OpenVPN with remote RADIUS authentication issue

Post by TinCanTech » Mon Aug 15, 2022 9:59 pm

Could it be the client, sending a bogus password ..

vpn-troubleshooting
OpenVpn Newbie
Posts: 3
Joined: Mon Aug 15, 2022 5:07 pm

Re: OpenVPN with remote RADIUS authentication issue

Post by vpn-troubleshooting » Tue Aug 16, 2022 3:37 pm

The correct password was input from the client.

vpn-troubleshooting
OpenVpn Newbie
Posts: 3
Joined: Mon Aug 15, 2022 5:07 pm

Re: OpenVPN with remote RADIUS authentication issue

Post by vpn-troubleshooting » Fri Aug 19, 2022 5:28 am

The issue has been resolved with Debian OS; Debian has a default OpenVPN RADIUS plugin in the openvpn-auth-radius package.
