I have a Windows 2012 Server which has been a Radius server for my enterprise routers, and now trying to have the same server authenticate for SoftEther VPN.
I may be doing something wrong in the policy creation but doesn’t matter what kind of VPN I try to connect to the server with, it doesn’t authenticate if that User is not on the VPN server. I also have created the wild card user (*) for RADIUS.
Can anyone help me tackle this issue as my number of servers grow it will be impossible to create 1 user on all servers with the same policies and password.
Thank you
Radius Authentication does not work
-
tboege
- Posts: 4
- Joined: Mon Jun 17, 2013 9:25 pm
Re: Radius Authentication does not work
Try to connect with sstp og ipsec. I found, that Radius dos note work with navive softether client ( http://www.vpnusers.com/viewtopic.php?f=7&t=4588 )
-
bbk1674
- Posts: 23
- Joined: Wed Apr 08, 2015 4:33 am
Re: Radius Authentication does not work
tboege wrote:
> Try to connect with sstp og ipsec. I found, that Radius dos note work with
> navive softether client (
> http://www.vpnusers.com/viewtopic.php?f=7&t=4588 )
I actually saw that posting and I tried L2TP and SSTP but it seems that RADIUS server and VPN servers do not shake hands at all. any other suggestions please
> Try to connect with sstp og ipsec. I found, that Radius dos note work with
> navive softether client (
> http://www.vpnusers.com/viewtopic.php?f=7&t=4588 )
I actually saw that posting and I tried L2TP and SSTP but it seems that RADIUS server and VPN servers do not shake hands at all. any other suggestions please
-
Petrol
- Posts: 44
- Joined: Wed May 06, 2015 11:23 pm
Re: Radius Authentication does not work
I run a softether server that uses a RADIUS server for authentication and both built-in L2TP/IP clients (Windows, MAC, Android) and Softether's VPN client are logging in successfully .
I found out that the username field sent by the VPN server to the RADIUS server is always in lowercase. I don't know if it is intended, but it might be your problem. (it was my problem : my Radius server was comparing usernames stored in a database,which contain upper and lower cases, with the usernames sent by the vpn server)
Maybe you should also check the default Virtual Hub that is used when you don't specify it in the L2TP username field. (VPN Server Manager -> IPSec/L2TP Settings -> Default Virtual Hub).
Last thing when using L2TP/IP to connect to the VPN server, check that the authentication protocol of you client is set to PAP.
I found out that the username field sent by the VPN server to the RADIUS server is always in lowercase. I don't know if it is intended, but it might be your problem. (it was my problem : my Radius server was comparing usernames stored in a database,which contain upper and lower cases, with the usernames sent by the vpn server)
Maybe you should also check the default Virtual Hub that is used when you don't specify it in the L2TP username field. (VPN Server Manager -> IPSec/L2TP Settings -> Default Virtual Hub).
Last thing when using L2TP/IP to connect to the VPN server, check that the authentication protocol of you client is set to PAP.
-
bbk1674
- Posts: 23
- Joined: Wed Apr 08, 2015 4:33 am
Re: Radius Authentication does not work
Petrol wrote:
> I run a softether server that uses a RADIUS server for authentication and both
> built-in L2TP/IP clients (Windows, MAC, Android) and Softether's VPN client are
> logging in successfully .
>
> I found out that the username field sent by the VPN server to the RADIUS server is
> always in lowercase. I don't know if it is intended, but it might be your problem.
> (it was my problem : my Radius server was comparing usernames stored in a
> database,which contain upper and lower cases, with the usernames sent by the vpn
> server)
>
> Maybe you should also check the default Virtual Hub that is used when you don't
> specify it in the L2TP username field. (VPN Server Manager -> IPSec/L2TP Settings
> -> Default Virtual Hub).
>
> Last thing when using L2TP/IP to connect to the VPN server, check that the
> authentication protocol of you client is set to PAP.
Hi and thank you for writing to me. I have 3 servers, I use the * user wild card which is specified as Radius server auth on that user. but no type of VPN authenticates when using a user that is only on radius server or even when the user is created on the server but set as RADIUS Auth.
I also only have only 1 hub in these servers, so I keep this in mind for the future, but now that you have o issues with Radius, May I ask what is your radius server?
There maybe Something wrong from my server 2012 NPS policy server wrong. I really need help due to the fact I am getting user ID requests from people, and it will be hard in the future to work with more servers without a central authentication method.
Can you tell me what Radius Server you use and how did you set the policy for this VPN up???
P.S I was using this Radius/NPS server windows 2012 for RRAS VPN and there was a policy for PPTP Vpn users and it was working fine authenticating locally and remotely for another PPTP server. but when it didn't work for softether I created a new policy for connection request and network policies that may work for VPN auth on softether. not working though. please see the attachment files and Help me.
Thank you in advance
> I run a softether server that uses a RADIUS server for authentication and both
> built-in L2TP/IP clients (Windows, MAC, Android) and Softether's VPN client are
> logging in successfully .
>
> I found out that the username field sent by the VPN server to the RADIUS server is
> always in lowercase. I don't know if it is intended, but it might be your problem.
> (it was my problem : my Radius server was comparing usernames stored in a
> database,which contain upper and lower cases, with the usernames sent by the vpn
> server)
>
> Maybe you should also check the default Virtual Hub that is used when you don't
> specify it in the L2TP username field. (VPN Server Manager -> IPSec/L2TP Settings
> -> Default Virtual Hub).
>
> Last thing when using L2TP/IP to connect to the VPN server, check that the
> authentication protocol of you client is set to PAP.
Hi and thank you for writing to me. I have 3 servers, I use the * user wild card which is specified as Radius server auth on that user. but no type of VPN authenticates when using a user that is only on radius server or even when the user is created on the server but set as RADIUS Auth.
I also only have only 1 hub in these servers, so I keep this in mind for the future, but now that you have o issues with Radius, May I ask what is your radius server?
There maybe Something wrong from my server 2012 NPS policy server wrong. I really need help due to the fact I am getting user ID requests from people, and it will be hard in the future to work with more servers without a central authentication method.
Can you tell me what Radius Server you use and how did you set the policy for this VPN up???
P.S I was using this Radius/NPS server windows 2012 for RRAS VPN and there was a policy for PPTP Vpn users and it was working fine authenticating locally and remotely for another PPTP server. but when it didn't work for softether I created a new policy for connection request and network policies that may work for VPN auth on softether. not working though. please see the attachment files and Help me.
Thank you in advance
You do not have the required permissions to view the files attached to this post.
-
Petrol
- Posts: 44
- Joined: Wed May 06, 2015 11:23 pm
Re: Radius Authentication does not work
I'm using a very light Radius Server based on TinyRadius ( http://tinyradius.sourceforge.net/ ) on a linux debian 7 server.
Even if the radius server does not proceed the vpn server request successfully, it should have logged some informations about the transactions that can tell you what is not working?
Even if the radius server does not proceed the vpn server request successfully, it should have logged some informations about the transactions that can tell you what is not working?