Monday, January 11, 2010

Configuring OpenVPN + FreeRADIUS + MySQL

Here's a quick guide on how to configure OpenVPN to use FreeRADIUS for authentication.  I've only tried it on Ubuntu Karmic.  YMMV on other distros.

Download the radiusplugin here http://www.nongnu.org/radiusplugin/.  You'll have to compile it from source as there's currently no deb package for it.  Compile steps below:
# apt-get install libgcrypt11 libgcrypt11-dev build-essential
# make
The output will be a single radiusplugin.so file.  Now move the .so file and the .cnf file to the proper openvpn directory like so:
# cp radiusplugin.so /etc/openvpn/
# cp radiusplugin.cnf /etc/openvpn/
First off, edit the radiusplugin.cnf file.  Focus on the "server" section and ensure that the details are correct:
server
{
        # The UDP port for radius accounting.
        acctport=1813
        # The UDP port for radius authentication.
        authport=1812
        # The name or ip address of the radius server.
        name=127.0.0.1
        # How many times should the plugin resend the request if there is no response?
        retry=1
        # How long should the plugin wait for a response?
        wait=1
        # The shared secret. It must match the secret FreeRADIUS has for this client (clients.conf).
        sharedsecret=testing123
}
Next up, edit the openvpn server config file and add the following line:
plugin /etc/openvpn/radiusplugin.so /etc/openvpn/radiusplugin.cnf
Restart the openvpn service, start the freeradius service, and log in using a username/password pair that is defined in FreeRADIUS.
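A check to run on the plugin config before that restart, as an added example that is not part of the original post: it flags a radiusplugin.cnf that is readable by group or other, and a sharedsecret left at testing123 (the secret FreeRADIUS ships for its localhost client) or shorter than MIN_LEN. The function names and the 16-character MIN_LEN are assumptions of this example, not radiusplugin options.

```shell
#!/bin/sh
# Added example (not from the original post): audit a radiusplugin.cnf.
# MIN_LEN is an assumed local policy value, not a radiusplugin setting.
MIN_LEN=16

# Print each sharedsecret value found inside a server { ... } block.
server_secrets() {
    awk '
        /^[ \t]*server[ \t]*[{]?[ \t]*$/ { in_server = 1; next }
        in_server && /^[ \t]*[}]/         { in_server = 0; next }
        in_server && /^[ \t]*sharedsecret[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t\r]+$/, ""); print
        }' "$1"
}

# Print findings; return 0 if clean, 1 on any finding, 2 if unreadable.
audit_radiusplugin_cnf() {
    cnf=$1; findings=0
    [ -r "$cnf" ] || { echo "cannot read $cnf" >&2; return 2; }
    # The file stores the RADIUS shared secret in clear text.
    if [ -n "$(find "$cnf" -prune \( -perm -040 -o -perm -004 \))" ]; then
        echo "FINDING: readable by group or other; use chmod 600"
        findings=$((findings + 1))
    fi
    secrets=$(server_secrets "$cnf")
    [ -n "$secrets" ] || { echo "FINDING: no sharedsecret in a server block"; findings=$((findings + 1)); }
    while IFS= read -r s; do
        [ -n "$s" ] || continue
        if [ "$s" = "testing123" ]; then
            echo "FINDING: sharedsecret is the FreeRADIUS stock value testing123"
            findings=$((findings + 1))
        elif [ "${#s}" -lt "$MIN_LEN" ]; then
            echo "FINDING: sharedsecret shorter than $MIN_LEN characters"
            findings=$((findings + 1))
        fi
    done <<EOF
$secrets
EOF
    [ "$findings" -eq 0 ]
}

# Constructed sample mirroring the server block shown in the post.
sample=$(mktemp)
printf 'server\n{\n\tacctport=1813\n\tauthport=1812\n\tname=127.0.0.1\n\tsharedsecret=testing123\n}\n' > "$sample"
chmod 644 "$sample"
audit_radiusplugin_cnf "$sample" || echo "audit failed for $sample"
rm -f "$sample"
```

On a real host, call `audit_radiusplugin_cnf /etc/openvpn/radiusplugin.cnf` as root; a secret changed here must be changed to the same value on the FreeRADIUS side.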

You should now have a working setup.  More info below:
