Hello,

I'm having some connectivity issues in OpenVPN 2.1_beta14 using Ralf's RADIUS plugin for OpenVPN. I am using CentOS 4.2, and radiusplugin_v1.2d2 (a slight patch on v1.2d - one variable for diagnostics).

I have (finally) set everything up, so the plugin authenticates against RADIUS correctly. The RADIUS query (finally!) makes it through to the server, as can be seen from the following:

Thu Aug 3 12:13:41 2006 : Auth: Login OK: [testuser1/testing] (from client localhost port 1 24.21.247.44)

What I did was stop all openvpn processes, then start OpenVPN via 'service openvpn start'. Here's a snippet from the attached client.log file:

Thu Aug 3 11:55:54 2006 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Thu Aug 3 11:55:54 2006 [blade038] Peer Connection Initiated with 84.234.16.145:443
Thu Aug 3 11:55:54 2006 Connection reset, restarting [0]
Thu Aug 3 11:55:54 2006 TCP/UDP: Closing socket
Thu Aug 3 11:55:54 2006 SIGUSR1[soft,connection-reset] received, process restarting
Thu Aug 3 11:55:54 2006 Restart pause, 5 second(s)
Thu Aug 3 11:55:56 2006 SIGINT[hard,init_instance] received, process exiting

So, the connection gets reset for some reason.

Here's the corresponding side of the server.log file:

Thu Aug 3 12:13:41 2006 us=962443 24.21.247.44:28918 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Thu Aug 3 12:13:41 2006 us=962515 24.21.247.44:28918 [testuser1] Peer Connection Initiated with 24.21.247.44:28918
Thu Aug 3 12:13:41 2006 us=962704 testuser1/24.21.247.44:28918 PLUGIN_CALL: PRE type=PLUGIN_CLIENT_CONNECT
Thu Aug 3 12:13:41 2006 us=962742 testuser1/24.21.247.44:28918 ARGV[0] = '/etc/openvpn/radiusplugin_static.so'
Thu Aug 3 12:13:41 2006 us=962767 testuser1/24.21.247.44:28918 ARGV[1] = 'openvpn_29051_1.tmp'
Thu Aug 3 12:13:41 2006 us=962790 testuser1/24.21.247.44:28918 ENVP[0] = 'trusted_port=28918'
Thu Aug 3 12:13:41 2006 us=962813 testuser1/24.21.247.44:28918 ENVP[1] = 'trusted_ip=24.21.247.44'
Thu Aug 3 12:13:41 2006 us=962836 testuser1/24.21.247.44:28918 ENVP[2] = 'common_name=testuser1'
Thu Aug 3 12:13:41 2006 us=962859 testuser1/24.21.247.44:28918 ENVP[3] = 'username=testuser1'
Thu Aug 3 12:13:41 2006 us=962881 testuser1/24.21.247.44:28918 ENVP[4] = 'untrusted_port=28918'
Thu Aug 3 12:13:41 2006 us=962904 testuser1/24.21.247.44:28918 ENVP[5] = 'untrusted_ip= 24.21.247.44'
Thu Aug 3 12:13:41 2006 us=962926 testuser1/24.21.247.44:28918 ENVP[6] = 'tls_serial_0=2'
Thu Aug 3 12:13:41 2006 us=962949 testuser1/24.21.247.44:28918 ENVP[7] = 'tls_id_0=/C=US/ST=Oregon/L=Portland/O=VTunnel/CN=testuser1/emailAddress= admin@xxxxxxxxxxx'
Thu Aug 3 12:13:41 2006 us=962972 testuser1/24.21.247.44:28918 ENVP[8] = 'tls_serial_1=0'
Thu Aug 3 12:13:41 2006 us=962995 testuser1/24.21.247.44:28918 ENVP[9] = 'tls_id_1=/C=US/ST=Oregon/L=Portland/O=VTunnel/CN=VTunnel_CA/emailAddress= admin@xxxxxxxxxxx'
Thu Aug 3 12:13:41 2006 us=963017 testuser1/24.21.247.44:28918 ENVP[10] = 'daemon_log_redirect=1'
Thu Aug 3 12:13:41 2006 us=963040 testuser1/24.21.247.44:28918 ENVP[11] = 'daemon=1'
Thu Aug 3 12:13:41 2006 us=963062 testuser1/24.21.247.44:28918 ENVP[12] = 'verb=7'
Thu Aug 3 12:13:41 2006 us=963085 testuser1/24.21.247.44:28918 ENVP[13] = 'local_port=1111'
Thu Aug 3 12:13:41 2006 us=963107 testuser1/24.21.247.44:28918 ENVP[14] = 'proto=tcp-server'
Thu Aug 3 12:13:41 2006 us=963130 testuser1/24.21.247.44:28918 ENVP[15] = 'config=tunnel.conf'
Thu Aug 3 12:13:41 2006 us=963152 testuser1/24.21.247.44:28918 ENVP[16] = 'ifconfig_local=REMOVED'
Thu Aug 3 12:13:41 2006 us=963175 testuser1/24.21.247.44:28918 ENVP[17] = 'ifconfig_netmask= 255.255.255.0'
Thu Aug 3 12:13:41 2006 us=963197 testuser1/24.21.247.44:28918 ENVP[18] = 'ifconfig_broadcast=REMOVED'
Thu Aug 3 12:13:41 2006 us=963316 testuser1/24.21.247.44:28918 ENVP[19] = 'script_context=init'
Thu Aug 3 12:13:41 2006 us=963343 testuser1/24.21.247.44:28918 ENVP[20] = 'tun_mtu=1500'
Thu Aug 3 12:13:41 2006 us=963366 testuser1/24.21.247.44:28918 ENVP[21] = 'link_mtu=1544'
Thu Aug 3 12:13:41 2006 us=963388 testuser1/24.21.247.44:28918 ENVP[22] = 'dev=tun0'
RADIUS-PLUGIN: FOREGROUND: OPENVPN_PLUGIN_CLIENT_CONNECT is called.

...and then, basically, it freezes.

The next connection attempt does not go through:

lastchance@peltier:/etc/openvpn$ openvpn --config tunnel.conf
Thu Aug 3 12:02:08 2006 OpenVPN 2.1_beta14 i686-pc-linux [SSL] [LZO1] [EPOLL] built on Aug 3 2006
Enter Auth Username:testuser1
Enter Auth Password:
Enter Private Key Password:
Thu Aug 3 12:02:15 2006 WARNING: file ' testuser1.key' is group or others accessible
Thu Aug 3 12:02:15 2006 LZO compression initialized
Thu Aug 3 12:02:15 2006 Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ]
Thu Aug 3 12:02:15 2006 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Thu Aug 3 12:02:15 2006 Local Options hash (VER=V4): '69109d17'
Thu Aug 3 12:02:15 2006 Expected Remote Options hash (VER=V4): 'c0103fa8'
Thu Aug 3 12:02:15 2006 Attempting to establish TCP connection with 84.234.16.145:443 [nonblock]
Thu Aug 3 12:02:25 2006 TCP: connect to 84.234.16.145:443 failed, will try again in 5 seconds: Connection timed out
Thu Aug 3 12:02:26 2006 SIGINT[hard,init_instance] received, process exiting

Am I right in thinking that actually, the server has frozen solid? Anyone have any suggestions?

Once I get this all done, I'll be submitting an OpenVPN+RADIUS+Accounting howto... I don't want anyone to have to go through the trouble I've had with all this!

Thanks all,
Jan Mulders
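A way to check a verb=7 server.log for the symptom reported above, a PLUGIN_CALL: PRE line that is never followed by the plugin returning. This is an added example, not part of the original post or of OpenVPN or the RADIUS plugin. The function name, the sample lines and the layout of the POST line are assumptions; only the PRE and ENVP formats are taken from the log in the post. A hit with zero later lines from other peers is consistent with a server blocked inside the plugin.

```python
import re

# Prefix of a peer-tagged server.log line: timestamp, optional us=, [user/]ip:port.
PREFIX = re.compile(
    r"^(?P<ts>\w{3} \w{3} +\d+ [\d:]+ \d{4})(?: us=\d+)? "
    r"(?:\S+/)?(?P<addr>\d+\.\d+\.\d+\.\d+:\d+) (?P<msg>.*)$")
# Plugin debug lines. PRE is as shown in the post; the POST layout is an assumption.
CALL = re.compile(
    r"^PLUGIN_CALL: (?:PRE type=(?P<pre>\w+)|POST \S*/(?P<post>\w+) status=-?\d+)")

def unreturned_plugin_calls(lines):
    """Return one dict per PRE line with no later POST for the same peer and hook."""
    pending = {}  # (addr, hook) -> (timestamp, index of the PRE line in `addrs`)
    addrs = []    # peer address of every parsed line, in log order
    for line in lines:
        p = PREFIX.match(line.strip())
        if not p:
            continue  # untagged lines, e.g. the plugin's own stdout
        addrs.append(p["addr"])
        c = CALL.match(p["msg"])
        if not c:
            continue
        if c["pre"]:
            pending[(p["addr"], c["pre"])] = (p["ts"], len(addrs) - 1)
        else:
            pending.pop((p["addr"], c["post"]), None)
    report = []
    for (addr, hook), (ts, idx) in pending.items():
        # Lines tagged with other peers after the PRE show the server kept running.
        other = sum(1 for a in addrs[idx + 1:] if a != addr)
        report.append({"ts": ts, "addr": addr, "hook": hook,
                       "later_lines_from_other_peers": other})
    return report

# Constructed sample in the post's log format (the POST line is not from the post).
SO = "/etc/openvpn/radiusplugin_static.so"
SAMPLE = [
    "Thu Aug 3 12:13:41 2006 us=900000 24.21.247.44:28918 PLUGIN_CALL: PRE type=PLUGIN_AUTH_USER_PASS_VERIFY",
    f"Thu Aug 3 12:13:41 2006 us=950000 24.21.247.44:28918 PLUGIN_CALL: POST {SO}/PLUGIN_AUTH_USER_PASS_VERIFY status=0",
    "Thu Aug 3 12:13:41 2006 us=962704 testuser1/24.21.247.44:28918 PLUGIN_CALL: PRE type=PLUGIN_CLIENT_CONNECT",
    "Thu Aug 3 12:13:41 2006 us=963388 testuser1/24.21.247.44:28918 ENVP[22] = 'dev=tun0'",
    "RADIUS-PLUGIN: FOREGROUND: OPENVPN_PLUGIN_CLIENT_CONNECT is called.",
]

if __name__ == "__main__":
    for hit in unreturned_plugin_calls(SAMPLE):
        print(hit)
```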