FreeRadius Setup

Post your questions about SoftEther VPN software here. Please answer questions if you can afford.
Post Reply
gavstah
Posts: 61
Joined: Wed Jun 05, 2013 11:33 pm
Location: Glen Allen, Virginia USA
Contact:

FreeRadius Setup

Post by gavstah » Mon May 19, 2014 8:57 pm

Hi there -

I have a working free radius server that works fine except for when I try to hook my softether server into it.

I have the server correctly configured in softether admin, but when I attempt to log into the softether server it appears to not connect to the radius server at all. (Using radius -X to debug).

This does not appear to be a firewall issue, as I temporarily disabled firewall on both radius and softether boxes to test.

Does anyone have a working freeradius setup?
Top Punkawallah
The VPN Company
http://goo.gl/iu6wG

theodisbutler
Posts: 31
Joined: Mon Feb 24, 2014 12:12 am

Re: FreeRadius Setup

Post by theodisbutler » Tue May 27, 2014 1:41 am

You only need to make one change to your clients.conf file and it should work.

n-retep
Posts: 2
Joined: Mon Jun 02, 2014 8:15 am

Re: FreeRadius Setup

Post by n-retep » Mon Jun 02, 2014 8:41 am

Hello,

i have the same problem as gavstah. I set up freeradius (in a vm) with ldap (in an other vm), that communicates fine and i installed softether vpn server (in a vm) and vpn client (in an other vm), so that i have four vms now. As the logs of vpn server and vpn client show, the communication is established, the authentication type ist external and failes code 9. But it seems that the radius server recieves no request from the vpn server. By RadiusServerGet i see that the radius server is set up correctly. The clients.conf is also set up correctly, the ip address an the secret is given. I have used tcpdump and there seems to be no traffic between the vpn server and the radius server.
@gavstah: Did you solve the problem? If so, how didi you get it?

Anyone who could help?

gavstah
Posts: 61
Joined: Wed Jun 05, 2013 11:33 pm
Location: Glen Allen, Virginia USA
Contact:

Re: FreeRadius Setup

Post by gavstah » Mon Jun 02, 2014 6:45 pm

In theory, yes. In practice, no.

I have a working FreeRadius server set up that other clients are having no problem authenticating against. When I point my softether server to the radius server (and yes, the softether server has an entry in clients.conf on the radius server), it's not even hitting it. Authentication just fails with "Authentication error".

The softether logs show:

Connection "CID-14" terminated by the cause "User authentication failed."

The thing is, the failure happens so quickly that it's almost like the softether server isn't even reaching out to the radius server. Which is borne out by the fact that I'm on the free radius box running

radiusd -X

Just crickets there when I try to connect to the softether server.


theodisbutler wrote:
> You only need to make one change to your clients.conf file and it should
> work.
Top Punkawallah
The VPN Company
http://goo.gl/iu6wG

gavstah
Posts: 61
Joined: Wed Jun 05, 2013 11:33 pm
Location: Glen Allen, Virginia USA
Contact:

Re: FreeRadius Setup

Post by gavstah » Mon Jun 02, 2014 7:10 pm

DOH! Got the softether setup figured out for the most part.

Key is to RTFM first.

When using Radius, you must create the user on the server with the username * - yes, just a single asterisk, and select RADIUS authentication for that user.

This will pass all auth requests to the radius server.

Now the only problem is the FreeRadius server is throwing this error when authenticating (see screenshot)

http://screencast.com/t/ptlUsmutHnS

My password is just a simple string of letters and numbers, so it seems like the softether server is sending the password along with some funky stuff added. Or does free radius need to be set with a particular kind of encryption of the pass? The manual doesn't mention anything.

As suggested, I did check the shared secret for the client/server, so that's all set.
Top Punkawallah
The VPN Company
http://goo.gl/iu6wG

gavstah
Posts: 61
Joined: Wed Jun 05, 2013 11:33 pm
Location: Glen Allen, Virginia USA
Contact:

Re: FreeRadius Setup

Post by gavstah » Mon Jun 02, 2014 11:01 pm

PEBKAC strikes again . . . DOH!

Everything now resolved and radius auth is working fine!

Best wishes to those who posted suggestions.
Top Punkawallah
The VPN Company
http://goo.gl/iu6wG

n-retep
Posts: 2
Joined: Mon Jun 02, 2014 8:15 am

Re: FreeRadius Setup

Post by n-retep » Tue Jun 03, 2014 1:13 pm

Thank you, gavstah, for your information. The paragraph with the asterisk as user name I have read perhaps tree times and was sure that I am right in what I was doing. So RTFM is sometimes not enough. For me that means R and understand TFM and then think about it ;-)
Now everything works fine.

Thank you ones again

Darkanoid
Posts: 2
Joined: Tue Jun 03, 2014 8:23 pm

Re: FreeRadius Setup

Post by Darkanoid » Tue Jun 03, 2014 8:25 pm

gavstah wrote:
> DOH! Got the softether setup figured out for the most part.
>
> Key is to RTFM first.
>
> When using Radius, you must create the user on the server with the username
> * - yes, just a single asterisk, and select RADIUS authentication for that
> user.
>
> This will pass all auth requests to the radius server.
>
> Now the only problem is the FreeRadius server is throwing this error when
> authenticating (see screenshot)
>
> http://screencast.com/t/ptlUsmutHnS
>
> My password is just a simple string of letters and numbers, so it seems
> like the softether server is sending the password along with some funky
> stuff added. Or does free radius need to be set with a particular kind of
> encryption of the pass? The manual doesn't mention anything.
>
> As suggested, I did check the shared secret for the client/server, so
> that's all set.


To solve that issue

Edit /etc/raddb/sites-available/default and uncomment the line containing 'sql' in the authorize{} section. The best place to put it is just after the 'files' entry. Indeed, if you'll just be using SQL, and not falling back to text files, you could comment out or delete the 'files' entry altogether.

CateFul
Posts: 7
Joined: Sun Apr 27, 2014 10:05 am

Re: FreeRadius Setup

Post by CateFul » Thu Jun 19, 2014 12:10 pm

Darkanoid, this does not solve that issue. Anyone has a solution? Seems like SoftEther is adding something else along with the password before sending it out.

gavstah
Posts: 61
Joined: Wed Jun 05, 2013 11:33 pm
Location: Glen Allen, Virginia USA
Contact:

Re: FreeRadius Setup

Post by gavstah » Thu Jun 19, 2014 6:30 pm

Yeah - that had nothing to do with the problems I was having.

Make sure that the pass for this client in /etc/raddb/clients.conf on your radius machine matches the pass you put into the radius auth section of the softether setup. I had mistakenly put the wrong pass in the softether setup - once I corrected that, everything started working as expected.

PM me if you need any help setting it up - I can help troubleshoot it.



CateFul wrote:
> Darkanoid, this does not solve that issue. Anyone has a solution? Seems
> like SoftEther is adding something else along with the password before
> sending it out.
Top Punkawallah
The VPN Company
http://goo.gl/iu6wG

Darkanoid
Posts: 2
Joined: Tue Jun 03, 2014 8:23 pm

Re: FreeRadius Setup

Post by Darkanoid » Sat Jun 21, 2014 1:58 pm

Sorry, it helped me with the same issue since radius was not configured properly in combination with mysql. After that authentication worked well.

CateFul
Posts: 7
Joined: Sun Apr 27, 2014 10:05 am

Re: FreeRadius Setup

Post by CateFul » Tue Jun 24, 2014 9:59 am

I sorted it. In my case though it was because the random pass was too long for the radius server to handle. 16 chars worked fine. Still waiting on radius accounting.

gavstah wrote:
> Yeah - that had nothing to do with the problems I was having.
>
> Make sure that the pass for this client in /etc/raddb/clients.conf on your radius
> machine matches the pass you put into the radius auth section of the softether setup.
> I had mistakenly put the wrong pass in the softether setup - once I corrected that,
> everything started working as expected.
>
> PM me if you need any help setting it up - I can help troubleshoot it.
>
>
>
> CateFul wrote:
> > Darkanoid, this does not solve that issue. Anyone has a solution? Seems
> > like SoftEther is adding something else along with the password before
> > sending it out.

bbk1674
Posts: 23
Joined: Wed Apr 08, 2015 4:33 am

Re: FreeRadius Setup

Post by bbk1674 » Wed Sep 16, 2015 7:36 am

I have a similar issue, but it is only with softether.

I used Windows NPS Radius Server for many things and it didn't work with softether and I gave it up for Freeradius 2 ( an add-on package on pfsense Firewall)
Unfortunately I have the same issue.
I am trying to setup only authentication not yet accounting not anything else. but no luck.
I tested the Freeradius2 itself works fin, but again like the windows server Radius it only doesn't work with SoftEther.
any suggestions?

iamfoolberg
Posts: 1
Joined: Mon Nov 14, 2022 11:59 am

Re: FreeRadius Setup

Post by iamfoolberg » Mon Nov 14, 2022 12:02 pm

In my case: freeradius 3.0, SE(by git + make, ...)
I do the following, and it works.

#uncomment the following in /etc/freeradius/3.0/sites-enabled/default
#important!!!
vi /etc/freeradius/3.0/sites-enabled/default

Auth-Type LDAP {
ldap
}

#restart the freeradius
sudo service freeradius restart
#or debug it
sudo service freeradius debug

Post Reply