openvpn-as(2.10.2) and Radius with IBSng issue

Business solution to host your own OpenVPN server with web management interface and bundled clients.
Post Reply
d4wood
OpenVpn Newbie
Posts: 2
Joined: Thu Apr 28, 2022 7:38 am

openvpn-as(2.10.2) and Radius with IBSng issue

Post by d4wood » Sat Apr 30, 2022 7:13 am

hey there
i got a problem that i cant handle it, just i wanna know should i do something ( for example installing plugin or ... ) on openvpn-as to get works with IBSng ?
-installed openvpn-as (2.10.2) on CentOS 7, 64bits via repository
-Installed IBSng (free version - installation guide is here) on the same server
-ras and other configs for accounting done
-radius auth turned on

but cant login the user pannel with IBSng users
appreciated for any help
thanks so much

User avatar
openvpn_inc
OpenVPN Inc.
Posts: 1332
Joined: Tue Feb 16, 2021 10:41 am

Re: openvpn-as(2.10.2) and Radius with IBSng issue

Post by openvpn_inc » Wed May 04, 2022 1:37 pm

Hi d4,

I am not sure how this is supposed to be used in Access Server? Configuration settings are kept in sqlite3 databases, or mysql for a cluster. We don't have PostgreSQL support (sadly. I would like to see that or a database abstraction layer in Access Server.) Is this a RADIUS frontend?

I would also have some concern about this software, because rather than making it work with SELinux, they require "setenforce 0". Definitely a bad sign.

These links might help with your RADIUS setup and testing:
Troubleshooting authentication related problems
Authentication options and command line configuration

regards, rob0
Image OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support

chilinux
OpenVPN Power User
Posts: 156
Joined: Thu Mar 28, 2013 8:31 am

Re: openvpn-as(2.10.2) and Radius with IBSng issue

Post by chilinux » Wed May 04, 2022 6:08 pm

It looks like IBSng is not being maintained anymore. The link you provided was for a package last updated in 2012. The radius server itself is implemented in Python version 2. That version was discontinued by the Python Software Foundation at the beginning of 2020. While Red Hat may continue to back-port security fixes to the core of Python, IBSng may make use of additional third-party Python modules that are also no longer being maintained for python v2. From an on-going security perspective this situation seems like a bad idea.

For troubleshooting purposes, it would be helpful to know which RADIUS authentication methods you have tired (MS-CHAP v2, CHAP or PAP). Have all three failed to work? Does IBSng produce any log messages? Or OpenVPN Access Server log messages?

Other things you can do to troubleshoot:
Wireshark / tshark can capture and decode the RADIUS packets to give indications of what took place.

FreeRADIUS package for CentOS provides a radtest client to make it easier to confirm a RADIUS server is working correctly.

You can also try using pam_radius to perform the authentication instead of having OpenVPN AS perform RADIUS directly.

d4wood
OpenVpn Newbie
Posts: 2
Joined: Thu Apr 28, 2022 7:38 am

Re: openvpn-as(2.10.2) and Radius with IBSng issue

Post by d4wood » Sun May 29, 2022 12:26 pm

i checked that by comunity version and that works like charm with freeradiusplugin, but on access server version not works , ( and i checked by some radius server test softwares and that was okay ) gonna check it again by access server
and youre right the free version was not maintained anymore but the paid version was renamed to local .... (cant remember the exact name ) but i checked the patch notes ) the base are the same just some new options added

Post Reply