LiquidLayer.net | Tech

FreeRadius plugin and Openvpn on CentOS

LiquidLayer
Setup FreeRadius plugin and Openvpn on CentOS

* Thanks to Keith of Safesrv for this tutorial
This time we are going to set up OpenVPN from source to authenticate off FreeRADIUS on CentOS 5; it should work on other distros.
OK, so on a clean install of CentOS 32/64-bit and a clean install of OpenVPN, we need to grab a couple of packages that we need to install the RadiusPlugin:
yum install libgcrypt libgcrypt-devel gcc-c++
*Please note package names will differ between 32- and 64-bit distros; use "yum search" to find your package.
Now we need to grab the RadiusPlugin:
wget http://www.nongnu.org/radiusplugin/radiusplugin_v2.1a_beta1.tar.gz
Untar it:
tar xvfz radiusplugin_v2.1a_beta1.tar.gz
Move to its directory:
cd radiusplugin_v2.1a_beta1/
Compile it:
make
The output will be a single radiusplugin.so file. Now move the .so file and the .cnf file to the proper openvpn directory like so:
cp radiusplugin.so /etc/openvpn/
cp radiusplugin.cnf /etc/openvpn/
First off, edit the radiusplugin.cnf file. Focus on the “server” section and ensure that the details are correct:
server
{
# The UDP port for radius accounting.
acctport=1813
# The UDP port for radius authentication.
authport=1812
# The name or ip address of the radius server.
name=YOUR RADIUS SERVER IP
# How many times should the plugin resend the request if there is no response?
retry=1
# How long should the plugin wait for a response?
wait=1
# The shared secret.
sharedsecret=YOUR RADIUS SERVER SECRET
}
Make sure these entries are correct. Now let's edit the OpenVPN server config file and add the following line:
plugin /etc/openvpn/radiusplugin.so /etc/openvpn/radiusplugin.cnf
IMPORTANT, MAKE SURE NO OTHER PLUGIN LINE IS IN THE CONFIG FILE, THE ONLY PLUGIN SHOULD BE THE ONE ABOVE, REMOVE PAM PLUGIN IF PRESENT AND REPLACE WITH THE RADIUS PLUGIN LINE ABOVE.
Now restart OpenVPN in the following way:
service openvpn restart
or
/etc/init.d/openvpn restart
If your config is still not working try this:
killall openvpn
service openvpn start
or
/etc/init.d/openvpn start
Now try to log in using a username/password pair which is defined in FreeRADIUS.
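The two points the tutorial stresses (exactly one plugin line, and correct values in radiusplugin.cnf) can be checked before restarting OpenVPN. This is an added example, not part of the original post or of the RadiusPlugin project; the function name check_radius_plugin and the world-readable test on the file holding the shared secret are assumptions of this example.

```shell
# Added example, not part of the original tutorial.
# Usage: check_radius_plugin <openvpn-server-config> <radiusplugin.cnf>
# Returns 0 when all checks pass, 1 otherwise; findings go to stderr.
check_radius_plugin() {
    conf=$1
    cnf=$2
    rc=0
    active='^[[:space:]]*plugin[[:space:]]'

    if [ ! -r "$conf" ] || [ ! -r "$cnf" ]; then
        echo "FAIL: cannot read $conf or $cnf" >&2
        return 1
    fi

    # 1. Exactly one active (uncommented) plugin directive.
    count=$(grep -cE "$active" "$conf" || true)
    if [ "$count" -ne 1 ]; then
        echo "FAIL: $conf has $count plugin lines, expected 1" >&2
        rc=1
    fi

    # 2. An active directive loads radiusplugin.so (not the PAM plugin).
    if ! grep -Eq "$active+[^[:space:]]*radiusplugin\.so([[:space:]]|\$)" "$conf"; then
        echo "FAIL: no active plugin line loads radiusplugin.so" >&2
        rc=1
    fi

    # 3. radiusplugin.cnf holds the shared secret: flag world-readable mode.
    if [ -n "$(find "$cnf" -perm -004 2>/dev/null)" ]; then
        echo "FAIL: $cnf is world-readable" >&2
        rc=1
    fi

    # 4. The tutorial's placeholder must have been replaced with a real secret.
    if grep -Eq '^[[:space:]]*sharedsecret=YOUR RADIUS SERVER SECRET' "$cnf"; then
        echo "FAIL: sharedsecret in $cnf is still the placeholder" >&2
        rc=1
    fi

    return "$rc"
}
```

Run it as `check_radius_plugin <your server config> /etc/openvpn/radiusplugin.cnf` before `service openvpn restart`.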
houman
Hi,

I know this post is from 8 years ago. But what do you recommend today to connect openvpn and freeradius? The RadiusPlugin hasn't been updated in 10 years. I wonder if you use the Pam Radius instead? https://github.com/FreeRADIUS/pam_radius and wondered if you knew how to set it up properly.

I'm happy to share my findings so far, maybe we could collaborate on this.

Thanks
Houman