search

FreeRADIUS / pam_radius

This is the PAM to RADIUS authentication module. It allows any Linux, OSX or Solaris machine to become a RADIUS client for authentication and password change requests.
GNU General Public License v2.0
102 stars 90 forks source link

PAM Radius + OVPN #73

Closed Comandante1977 closed 1 year ago

Comandante1977 commented 1 year ago

Situation: I have fully configured and working Freeradius server. Installed OVPN 2.6.4 on other server. And goal is auth through Radius. Installed pam-radius-auth. Configured (confs below). Authentication is working just fine, but there are no Accounting packets from OVPN. When I'm trying pamtester - everyting is ok, accounting is here, but when I connected OVPN - no.

/etc/pam.d/ovpn

account required pam_radius_auth.so auth required pam_radius_auth.so conf=/etc/pam.d/pam_radius_auth.conf debug session required pam_radius_auth.so

/etc/pam.d/pam_radius_auth.conf

3 /etc/openvpn/server/server.conf setenv deferred_auth_pam 1 plugin /usr/lib/x86_64-linux-gnu/openvpn/plugins/openvpn-plugin-auth-pam.so ovpn verify-client-cert none key-direction 0 local ** port 1194 proto udp dev tun ca ca.crt cert server.crt key server.key dh dh.pem auth SHA256 tls-crypt tc.key topology subnet server 10.8.0.0 255.255.255.0 server-ipv6 fddd:1194:1194:1194::/64 push "redirect-gateway def1 ipv6 bypass-dhcp" ifconfig-pool-persist ipp.txt push "dhcp-option DNS 67.207.67.3" push "dhcp-option DNS 67.207.67.2" push "block-outside-dns" push "explicit-exit-notify 3" keepalive 10 120 cipher AES-128-GCM user nobody group nogroup persist-key persist-tun verb 3 crl-verify crl.pem explicit-exit-notify 1 management 127.0.0.1 7555 log-append /var/log/openvpn/openvpn.log txqueuelen 4000 mute-replay-warnings What I missing?
jpereira commented 1 year ago

@Comandante1977 You're complaining about the "OpenVPN". so, please ask the OpenVPN people about that.