openvpn-as(2.10.2) and Radius with IBSng issue

Posted: Sat Apr 30, 2022 7:13 am
by d4wood
Hey there,
I've got a problem that I can't handle. I just want to know: should I do something (for example, installing a plugin or ...) on openvpn-as to get it to work with IBSng?
- Installed openvpn-as (2.10.2) on CentOS 7, 64-bit, via the repository
- Installed IBSng (free version - installation guide is here) on the same server
- RAS and other configs for accounting done
- RADIUS auth turned on

But I can't log in to the user panel with IBSng users.
Any help is appreciated.
Thanks so much.

Re: openvpn-as(2.10.2) and Radius with IBSng issue

Posted: Wed May 04, 2022 1:37 pm
by openvpn_inc
Hi d4,

I am not sure how this is supposed to be used in Access Server? Configuration settings are kept in sqlite3 databases, or mysql for a cluster. We don't have PostgreSQL support (sadly. I would like to see that or a database abstraction layer in Access Server.) Is this a RADIUS frontend?

I would also have some concern about this software, because rather than making it work with SELinux, they require "setenforce 0". Definitely a bad sign.

These links might help with your RADIUS setup and testing:
Troubleshooting authentication related problems
Authentication options and command line configuration

regards, rob0

Re: openvpn-as(2.10.2) and Radius with IBSng issue

Posted: Wed May 04, 2022 6:08 pm
by chilinux
It looks like IBSng is not being maintained anymore. The link you provided was for a package last updated in 2012. The radius server itself is implemented in Python version 2. That version was discontinued by the Python Software Foundation at the beginning of 2020. While Red Hat may continue to back-port security fixes to the core of Python, IBSng may make use of additional third-party Python modules that are also no longer being maintained for python v2. From an on-going security perspective this situation seems like a bad idea.

For troubleshooting purposes, it would be helpful to know which RADIUS authentication methods you have tried (MS-CHAP v2, CHAP or PAP). Have all three failed to work? Does IBSng produce any log messages? Or OpenVPN Access Server log messages?

Other things you can do to troubleshoot:
Wireshark / tshark can capture and decode the RADIUS packets to give indications of what took place.

FreeRADIUS package for CentOS provides a radtest client to make it easier to confirm a RADIUS server is working correctly.

You can also try using pam_radius to perform the authentication instead of having OpenVPN AS perform RADIUS directly.
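
To go with the capture suggestion above, this decoder shows which method (PAP, CHAP or MS-CHAP v2) an Access-Request actually carries and how the server answered. It is an added example, not part of the thread and not OpenVPN or IBSng code; the function names are hypothetical and the sample datagrams are constructed, not captured.

```python
import struct

CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject", 11: "Access-Challenge"}
MS_VENDOR = 311  # Microsoft vendor id used by the MS-CHAP attributes (RFC 2548)

def parse_radius(pkt: bytes) -> dict:
    """Decode the 20-byte RADIUS header and the type/length/value attributes."""
    if len(pkt) < 20:
        raise ValueError("shorter than a RADIUS header")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length < 20 or length > len(pkt):
        raise ValueError("length field does not match the datagram")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length or pkt[pos + 1] < 2 or pos + pkt[pos + 1] > length:
            raise ValueError("attribute runs past the end of the packet")
        atype, alen = pkt[pos], pkt[pos + 1]
        attrs.append((atype, pkt[pos + 2:pos + alen]))
        pos += alen
    return {"code": CODES.get(code, f"code {code}"), "id": ident, "attrs": attrs}

def auth_method(attrs) -> str:
    """Name the method an Access-Request carries, from its credential attribute."""
    for atype, value in attrs:
        if atype == 2:                       # User-Password
            return "PAP"
        if atype == 3:                       # CHAP-Password
            return "CHAP"
        if atype == 26 and len(value) >= 6:  # Vendor-Specific
            vendor, vtype = struct.unpack("!IB", value[:5])
            if vendor == MS_VENDOR and vtype == 25:  # MS-CHAP2-Response
                return "MS-CHAPv2"
    return "unknown"

def reply_message(attrs) -> str:
    """Return the server's Reply-Message text (attribute 18), if any."""
    return " ".join(v.decode("utf-8", "replace") for t, v in attrs if t == 18)

# Constructed sample datagrams (not captured traffic): zeroed authenticators and credentials.
def make_attr(atype: int, value: bytes) -> bytes:
    return bytes([atype, len(value) + 2]) + value
def make_packet(code: int, ident: int, attrs: list) -> bytes:
    body = b"".join(attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + bytes(16) + body

PAP_REQUEST = make_packet(1, 7, [make_attr(1, b"testuser"), make_attr(2, bytes(16))])
MSCHAP2_REQUEST = make_packet(1, 8, [make_attr(1, b"testuser"),
    make_attr(26, struct.pack("!IBB", MS_VENDOR, 25, 52) + bytes(50))])
REJECT = make_packet(3, 7, [make_attr(18, b"Login failed")])
```

The UDP payloads of a RADIUS capture can be passed to `parse_radius()` unchanged; a request whose method the server is not configured for typically shows up as an Access-Reject with the same identifier.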

Re: openvpn-as(2.10.2) and Radius with IBSng issue

Posted: Sun May 29, 2022 12:26 pm
by d4wood
I checked that with the community version and it works like a charm with freeradiusplugin, but on the Access Server version it does not work (and I checked with some RADIUS server test software and that was okay). I'm going to check it again with Access Server.
And you're right, the free version is not maintained anymore, but the paid version was renamed to local .... (can't remember the exact name), but I checked the patch notes: the base is the same, just some new options were added.