comicchang / radiusplugin Goto Github PK

Hi
I am using OpenVPN-2.3.2 on pfSense-2.1.4.
Since it is based on FreeBSD-8.3 I used this to compile radiusplugin so I can use this on pfsense...
I found it in ports (/usr/ports/security/openvpn-auth-radius/) and compiled it with success (I think)
The steps I took are:

1. cd /usr/ports/distfiles/ wget http://distcache.freebsd.org/ports-distfiles/pkcs11-helper-1.09.tar.bz2 to avoid error "File unavailable (e.g., file not found, no access)"
2. cd /usr/ports/security/openvpn-auth-radius/ make make install
   selecting both PW_SAVE and PKCS11

the process seem to end successfully, though when I copy radiusplugin.so and radiusplugin.cnf on pfsense and set openvpn.conf correctly (I know this is not the appropriate method but had nothing else to do. Command ldd, outputs the same dependencies in pfsense as in freebsd )

The log message appears:
Libgcrypt warning: missing initialization - please fix the application
and on the radius server appears account info but not traffic info

Is there any experience in this ... or any suggestions ?

regards

I’ve noticed a bunch of folks maintaining derivative forks of radiusplugin. I’d love to have a single authoritative place where new maintenance happens. I haven’t started merging people’s work, but I’ve noticed at least these projects:

• https://github.com/reee/radiusplugin
• https://github.com/squadette/radiusplugin
• https://github.com/comicchang/radiusplugin
• and more https://github.com/search?utf8=✓&q=radiusplugin

Are you interested in helping with this project? Any preference what the org name be?

Hi
Radiusplugin works ok (traffic info send) but makes openvpn freeze.

When it is deactivated (comment), openvpn server works fine.
When it is activated (uncomment) and user is reconnecting or just the openvpn server is restarting, the server hangs...
When it appears (due to client's reconnection or openvpn server restart), processes are :

ps aux | grep openvpn
root    7891  0.0  0.2  1812   796  ??  IN    1:28PM   0:00.00 nc -U /var/etc/openvpn/server1.sock
root   51229  0.0  1.1  8432  5516  ??  I     1:10PM   0:00.01 /usr/local/sbin/openvpn --config /var/etc/openvpn/server1.conf
root   51412  0.0  1.1  8432  5492  ??  S     1:10PM   0:00.11 /usr/local/sbin/openvpn --config /var/etc/openvpn/server1.conf
root   52190  0.0  1.3 10608  6512  ??  Is    1:10PM   0:00.28 /usr/local/sbin/openvpn --config /var/etc/openvpn/server1.conf

OpenVPN freezes (even /var/log/openvpn.log freezes) and after a reboot or killing processes the log shows:

Aug 5 17:18:47  openvpn[27542]: OpenVPN 2.3.2 i386-portbld-freebsd8.3 [SSL (OpenSSL)] [LZO] [eurephia] [MH] [IPv6] built on Mar 27 2014
Aug 5 17:18:47  openvpn[27542]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Aug 5 17:18:47  openvpn[27542]: WARNING: POTENTIALLY DANGEROUS OPTION --client-cert-not-required may accept clients which do not present a certificate
Aug 5 17:18:47  openvpn[27542]: Control Channel Authentication: using '/var/etc/openvpn/server1.tls-auth' as a OpenVPN static key file
Aug 5 17:18:47  openvpn[27542]: TCP/UDP: Socket bind failed on local address [AF_INET]server_ip:5001: Address already in use
Aug 5 17:18:47  openvpn[27542]: Exiting due to fatal error

Another issue I found last day is that the user cannot connect (though he could and traffic info was send in RADIUS) and there this line in openvpn.log:

Aug  6 15:47:07 pfsense openvpn[44340]: client_ip:1947 PLUGIN_CALL: POST /root/openvpn/radius/radiusplugin.so/PLUGIN_AUTH_USER_PASS_VERIFY status=6124398
TLS Auth Error: Auth Username/Password verification failed for peer

• Shouldn't the status value be 0 or 1 ?
• Do you think this has to do with the above ?
• Should I try to search if there is a compile problem in my radiusplugin ?

(running OpenVPN 2.3.2 i386-portbld-freebsd8.3 on pfSense 2.1.4-RELEASE and have compiled radiusplugin on freebsd-8.3. I have also posted details in pfsense forum with no response yet)

regards