[Solved] Openvpn Auth failure

Posted: Thu Mar 30, 2017 11:14 am
by philixta
Hi

We are configuring an OpenVPN server with the OpenOTP feature. We are blocked: after passing Username / Password+OTP, authentication is failing.
Following is the error that the RADIUS server is reporting:

Thu Mar 30 10:56:27 2017 : Auth: Invalid user: [UserName/\261\262U\211X׹/\006g\220\3611S{Zn\342\230\307\350͑Z\220&\t{\373{Ђo\324\001\345\312\016=Q|iP#\236\206\3409] (from client 0.0.0.0/0 port 1 cli Client Public IP)

Please find the server.conf below.

Server.conf

port 1194
proto udp
dev tun1
fragment 1400
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
server 5.5.32.0 255.255.255.0
comp-lzo no
user nobody
group users
persist-key
persist-tun
status /var/log/openvpn-status.log
duplicate-cn
plugin /etc/openvpn/radiusplugin.so /etc/openvpn/radiusplugin.cnf
tmp-dir "/etc/openvpn/tmp/"
log /var/log/openvpn.log
mode server
tls-server
verb 7
cipher AES-256-CBC
#auth MD5
#link-mtu 1500
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.8.4"
#client-to-client
duplicate-cn
local 10.0.0.127
ifconfig-pool-persist ipp.txt
push "persist-key"
push "persist-tun"
ifconfig 5.5.32.1 5.5.32.2
keysize 256
dev-type tun
#auth-user-pass-verify
#plugin /usr/lib64/openvpn/plugin/lib/openvpn-auth-pam.so openvpn
#
tun-mtu 1500

Client conf

auth SHA1
ca ca.crt
cert client.crt
key client.key
cipher AES-256-CBC
client
comp-lzo no
fragment 1400
dev tun0
keysize 256
persist-key
persist-tun
ping 15
ping-exit 15
ping-restart 0
proto udp
remote VPNSERVER 1194 udp
tls-client
verb 3
resolv-retry infinite
key client.key
ns-cert-type server
#script-security 2
#up /etc/openvpn/update-resolv-conf.sh
#down /etc/openvpn/update-resolv-conf.sh
redirect-gateway def1 bypass-dhcp
pull
nobind
dev-type tun
#link-mtu 1558
mssfix
setenv FORWARD_COMPATIBLE 1
ifconfig 5.5.32.2 5.5.32.1
#tun-mtu-extra 32
tun-mtu 1500

Further, running the RADIUS server in debug mode, the following was captured:

rad_recv: Access-Request packet from host 10.0.0.127 port 37454, id=119, length=167
User-Name = "UserNAME"
User-Password = "\270E\237\366Xm\302s\022\254\242\264\216\236+\301\003\036\177\024\241\233\357\230`g/\2036\036}1֭\007ս\317b)\306y\357͹\355ش"
NAS-IP-Address = 127.0.0.1
NAS-Port = 1
Service-Type = Outbound-User
Calling-Station-Id = "Public_IP"
NAS-Identifier = "OpenVpn"
Acct-Session-Id = "CC0B4006AA7BD6A20E7940D398CA8A27"
NAS-Port-Type = Virtual
# Executing section authorize from file /opt/radiusd/conf/radiusd.conf
+group authorize {
[eap] No EAP-Message, not doing EAP
++[eap] = noop
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] = noop
rlm_openotp: Invalid "User-Password" attribute (bad format or wrong RADIUS secret)
++[openotp] = invalid
+} # group authorize = invalid
Invalid user: [taphilix-dev/\270E\237\366Xm\302s\022\254\242\264\216\236+\301\003\036\177\024\241\233\357\230`g/\2036\036}1֭\007ս\317b)\306y\357͹\355ش] (from client 0.0.0.0/0 port 1 cli <PublicIP>)
Using Post-Auth-Type Reject
WARNING: Unknown value specified for Post-Auth-Type. Cannot perform requested action.
Sending Access-Reject of id 119 to 10.0.0.127 port 37454
Finished request 3.
Going to the next request
Waking up in 9.9 seconds.
Cleaning up request 3 ID 119 with timestamp +505

We are not sure whether the password is getting garbled or not.

Please find the contents of radiusplugin.cnf:

NAS-Identifier=OpenVpn
Service-Type=5
Framed-Protocol=1
NAS-Port-Type=5
NAS-IP-Address=127.0.0.1
OpenVPNConfig=/etc/openvpn/server.conf
overwriteccfiles=true
nonfatalaccounting=false
server
{
   name=127.0.0.1
   acctport=1813
   authport=1812
   retry=3
   wait=3
   sharedsecret = testing
}
Please find the contents of clients.conf; the shared secret is the same:

[root@ip-10-0-0-127 radiusplugin_v2.0c_beta]# egrep -v "#"   /opt/radiusd/conf/clients.conf
client 0.0.0.0/0 {
	secret		= testing
}

Not sure what needs to be checked further.

Can someone please help me fix this issue?

Thanks
Philix

Re: Openvpn Auth failure

Posted: Thu Mar 30, 2017 11:27 am
by TiTex
Is your RADIUS server on the same box as your VPN server?

client 0.0.0.0/0 {
   secret      = testing
}
Shouldn't this be:

client 127.0.0.1 {
   secret      = testing
   nastype = other
   shortname = OpenVpn
}
You can also install the freeradius utilities and test whether it works from the command line.
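
What the rlm_openotp line in the first post ("bad format or wrong RADIUS secret") and the garbled User-Password in the debug output actually mean, as an added example that is not code from the thread, from OpenVPN, from the radius plugin or from FreeRADIUS: RFC 2865 does not hash User-Password. The NUL-padded password is XORed, 16 octets at a time, with MD5(shared secret + previous ciphertext block), seeded with the packet's 16-byte Request Authenticator. FreeRADIUS 2.x decodes the attribute with the secret from clients.conf before it prints the attribute list in debug mode, so if the NAS (here the OpenVPN plugin) used a different secret string than the server, the decoded value is random-looking bytes, which is what both the debug output and the `Auth: Invalid user: [name/password]` line show. (That log line also means the password and OTP of every failed login are being written to the RADIUS log; that is the `auth_badpass` setting in radiusd.conf.) The script below builds a minimal Access-Request, then decodes its User-Password with a candidate secret and applies a printability heuristic. The user name, password and secrets are constructed for the example, and the heuristic is this example's own, not rlm_openotp's actual check.

```python
"""RFC 2865 User-Password encoding and a wrong-secret check.

Added example for this thread; not code from OpenVPN, radiusplugin or
FreeRADIUS.  User names, passwords and secrets below are constructed.
"""
import hashlib
import os
import string
import struct
from typing import Dict, Optional, Tuple

CODE_ACCESS_REQUEST = 1
ATTR_USER_NAME = 1
ATTR_USER_PASSWORD = 2

# Printable ASCII minus control whitespace; a real password decodes to this.
_PRINTABLE = set(string.printable.encode()) - set(b"\t\n\r\x0b\x0c")


def _md5_xor(data: bytes, secret: bytes, request_auth: bytes, encrypt: bool) -> bytes:
    """RFC 2865 section 5.2: c_i = p_i XOR MD5(secret + c_(i-1)), c_0 = Request Authenticator.

    The chain always uses the previous *ciphertext* block: the previous output
    when encrypting, the previous input when decrypting."""
    out = bytearray()
    prev = request_auth
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        keystream = hashlib.md5(secret + prev).digest()
        result = bytes(a ^ b for a, b in zip(block, keystream))
        out += result
        prev = result if encrypt else block
    return bytes(out)


def encode_user_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """NUL-pad to a multiple of 16 and obfuscate (what the NAS, e.g. the OpenVPN plugin, sends)."""
    if not 1 <= len(password) <= 128:
        raise ValueError("User-Password is 1..128 octets before padding")
    padded = password + b"\x00" * (-len(password) % 16)
    return _md5_xor(padded, secret, request_auth, encrypt=True)


def decode_user_password(encoded: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Reverse the obfuscation and strip the NUL padding (what the server does with its secret)."""
    if not encoded or len(encoded) % 16:
        raise ValueError("encoded User-Password must be a non-empty multiple of 16 octets")
    return _md5_xor(encoded, secret, request_auth, encrypt=False).rstrip(b"\x00")


def password_looks_valid(decoded: bytes) -> bool:
    """Heuristic (this example's own, not rlm_openotp's): with the right secret the
    result is printable text; with a wrong secret it is 16n random-looking octets."""
    return bool(decoded) and all(b in _PRINTABLE for b in decoded)


def build_access_request(ident: int, username: bytes, password: bytes, secret: bytes,
                         request_auth: Optional[bytes] = None) -> bytes:
    """Minimal Access-Request: 20-byte header + User-Name + User-Password."""
    request_auth = request_auth or os.urandom(16)
    if len(request_auth) != 16:
        raise ValueError("Request Authenticator is 16 octets")
    attrs = bytes([ATTR_USER_NAME, 2 + len(username)]) + username
    enc = encode_user_password(password, secret, request_auth)
    attrs += bytes([ATTR_USER_PASSWORD, 2 + len(enc)]) + enc
    header = struct.pack("!BBH", CODE_ACCESS_REQUEST, ident, 20 + len(attrs))
    return header + request_auth + attrs


def parse_attributes(packet: bytes) -> Dict[int, bytes]:
    """Walk the type/length/value attribute list; keeps the last value of a repeated type."""
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    attrs: Dict[int, bytes] = {}
    pos = 20
    while pos + 2 <= length:
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > length:
            raise ValueError("malformed attribute at offset %d" % pos)
        attrs[attr_type] = packet[pos + 2:pos + attr_len]
        pos += attr_len
    return attrs


def check_secret(packet: bytes, secret: bytes) -> Tuple[bool, bytes]:
    """Decode the User-Password of an Access-Request with a candidate secret."""
    request_auth = packet[4:20]
    encoded = parse_attributes(packet)[ATTR_USER_PASSWORD]
    decoded = decode_user_password(encoded, secret, request_auth)
    return password_looks_valid(decoded), decoded


if __name__ == "__main__":
    pkt = build_access_request(119, b"UserNAME", b"Passw0rd123456", b"testing")
    print("right secret:", check_secret(pkt, b"testing"))
    # A secret that differs only by surrounding whitespace is a different secret.
    print("wrong secret:", check_secret(pkt, b"testing "))
```

To apply this to a real request, capture the UDP payload on the loopback interface (port 1812) and feed it to `check_secret` with the secret from clients.conf; if that decodes to garbage, compare the secret strings on both sides character for character, including any surrounding whitespace. With the freeradius utilities mentioned above, `radtest <user> '<password><otp>' 127.0.0.1 1 testing` sends an Access-Request with the same encoding from the command line, which separates a RADIUS-side problem from an OpenVPN-plugin-side one.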

Re: Openvpn Auth failure

Posted: Thu Mar 30, 2017 6:04 pm
by philixta
Hi TiTex

Thank you so much for the update.

Yes, the RADIUS server runs on the same box as the VPN server.

I tried the following conf, which hasn't helped:

client 127.0.0.1 {
   secret      = testing
   nastype = other
   shortname = OpenVpn
}
Currently trying with the FreeRADIUS utilities.

Regards
Philix

Re: Openvpn Auth failure

Posted: Tue Apr 04, 2017 11:04 am
by philixta
OpenVPN started to work after finding that the password from OpenVPN is hashed and not recognizable by the RADIUS server.

Now server and client are in sync on auth MD5 and the password is recognizable by the RADIUS server, and it is working OK.

Thanks all for your help.

We can close this thread.

Philix

Re: Openvpn Auth failure

Posted: Tue Apr 04, 2017 11:56 am
by TinCanTech
philixta wrote: OpenVPN started to work, after finding the password from OpenVPN is hashed
Is the hashing performed by
philixta wrote: plugin /etc/openvpn/radiusplugin.so /etc/openvpn/radiusplugin.cnf
the radius plugin?

Re: Openvpn Auth failure

Posted: Mon May 21, 2018 6:28 pm
by cheuk3
philixta wrote:
Tue Apr 04, 2017 11:04 am
OpenVPN started to work after finding that the password from OpenVPN is hashed and not recognizable by the RADIUS server.

Now server and client are in sync on auth MD5 and the password is recognizable by the RADIUS server, and it is working OK.

Thanks all for your help.

We can close this thread.

Philix
Hi, I'm facing this problem also. How did you get the password hashed? Thanks!