Monday, January 11, 2010

Configuring OpenVPN + FreeRADIUS + MySQL

Here's a quick guide on how to configure OpenVPN to use FreeRADIUS for authentication.  I've only tried it on Ubuntu Karmic.  YMMV on other distros.

Download the radiusplugin here.  You'll have to compile it from source as there's currently no deb package for it.  Compile steps below:
# apt-get install libgcrypt11 libgcrypt11-dev build-essential
# make
The output will be a single file.  Now move the .so file and the .cnf file to the proper openvpn directory like so:
# cp /etc/openvpn/
# cp radiusplugin.cnf /etc/openvpn/
First off, edit the radiusplugin.cnf file.  Focus on the "server" section and ensure that the details are correct:
        # The UDP port for radius accounting.
        # The UDP port for radius authentication.
        # The name or ip address of the radius server.
        # How many times should the plugin send the if there is no response?
        # How long should the plugin wait for a response?
        # The shared secret.
Next up, edit the openvpn server config file and add the following line:
plugin /etc/openvpn/ /etc/openvpn/radiusplugin.cnf
Restart the openvpn service, start the freeradius service, and log in using a username/password pair that is defined in FreeRADIUS.
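
Since radiusplugin.cnf now holds the RADIUS shared secret, it is worth checking the file once it is in /etc/openvpn/. The script below is an added example, not part of the original post or the plugin; it assumes the server block stores settings as key=value lines and that the secret's key is named sharedsecret.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes the server block of
# radiusplugin.cnf holds key=value lines and the secret key is "sharedsecret".

# Print the value of key $2 from the server { ... } block of file $1.
cnf_server_value() {
    awk -v key="$2" '
        /^[ \t]*#/                        { next }      # comment line
        /^[ \t]*server[ \t]*[{]?[ \t]*$/  { in_srv = 1; next }
        in_srv && /[}]/                   { exit }      # end of the block
        in_srv {
            sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "")
            if (index($0, key "=") == 1) { print substr($0, length(key) + 2); exit }
        }' "$1"
}

# Report findings on stdout; return 0 only if the file passes every check.
audit_radiusplugin_cnf() {
    file=$1; rc=0
    [ -r "$file" ] || { echo "FAIL: cannot read $file"; return 2; }

    # The file stores the RADIUS shared secret, so group/other need no access.
    mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")
    if [ $((0$mode & 077)) -ne 0 ]; then
        echo "FAIL: mode $mode exposes the file to group/other (use chmod 600)"; rc=1
    fi

    # RFC 2865 prefers a shared secret of at least 16 octets.
    secret=$(cnf_server_value "$file" sharedsecret)
    if [ -z "$secret" ]; then
        echo "FAIL: no sharedsecret found in the server section"; rc=1
    elif [ "${#secret}" -lt 16 ]; then
        echo "FAIL: sharedsecret is ${#secret} characters, want 16 or more"; rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $file"
    return "$rc"
}

# Constructed sample input: short secret in a world-readable file.
demo=$(mktemp)
printf 'server\n{\n\t# The shared secret.\n\tsharedsecret=testpw\n}\n' > "$demo"
chmod 644 "$demo"
audit_radiusplugin_cnf "$demo" || echo "fix the findings before restarting openvpn"
rm -f "$demo"
```

On a real install, call audit_radiusplugin_cnf /etc/openvpn/radiusplugin.cnf as root; the same secret must also be configured for this client on the FreeRADIUS side.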

You should now have a working setup.  More info below:
