
OpenVPN Server with remote RADIUS authentication

One of my friends had some issues with an OpenVPN server using remote RADIUS authentication. So I did some tests and thought it would be a good topic to blog about!

I am also adding a video tutorial about this (first attempt, so forgive the mistakes!)

 

For this setup, I am using 2 servers:

  1. A $5 DigitalOcean Ubuntu instance, which will be the OpenVPN Access Server. Quoting from the website: “OpenVPN Access Server is a full featured secure network tunnelling VPN software solution that integrates OpenVPN server capabilities, enterprise management capabilities, simplified OpenVPN Connect UI, and OpenVPN Client software packages that accommodate Windows, MAC, Linux, Android, and iOS environments”
  2. A local Ubuntu server on VirtualBox, which will have daloRADIUS configured. With daloRADIUS you can easily and quickly manage your FreeRADIUS deployment through an easy-to-use GUI.

Let's start:

On the DigitalOcean server (from now on we will call this the VPN server), let's configure OpenVPN Access Server. It's a super simple 3-step process.

  1. Download the package
  2. Install the package
  3. During the installation, OpenVPN will create a default admin user called ‘openvpn’. We need to set a password for that.

And you are done!

After the installation, you can access the interface as below:

Now let's configure the RADIUS server before we enable the authentication part on the VPN server.

On the RADIUS server, follow the steps below:

  1. Install FreeRADIUS and additional libraries, tools, etc.
  2. After this, install phpMyAdmin
    During the setup process, when asked, select Apache2 and click “OK” to complete the setup. On the second screen, select “YES” for the question “Configure database for phpmyadmin with dbconfig-common?”, then enter the MySQL password for your root account and for phpmyadmin. If it installed properly, you will be able to access it from a browser at http://yourserver_ip_address/phpmyadmin
  3. We need to install a few more packages before proceeding with the daloRADIUS installation.
  4. We also need to install PHP PEAR
    Just press ENTER to accept the default installation options.
  5. To avoid Apache’s error “Could not reliably determine the server’s fully qualified domain name”, let's add one more thing.
    then add the line below:
  6. Restart Apache
  7. Do the config test on Apache to make sure everything is OK
  8. Now let's download the daloRADIUS software:
  9. Extract it
  10. Move it to the www directory
  11. Now create the MySQL database for FreeRADIUS, which will be used by daloRADIUS too
  12. While still inside the /var/www/daloradius-0.9-9/ folder, run the command below:

  13. Login to mysql and confirm the database is successfully restored

Now let's configure freeradius

Let's first test freeradius and make sure it's working fine.

  1. Locate the line containing 

  2. Stop freeradius and run the freeradius server in debug mode
    The output should be something like this:
  3. Press Control-C to stop the freeradius debug mode.
  4. Now start freeradius:
  5. Just to make sure everything works fine, let's test freeradius authentication using a text file
    If your setup is correct, you should get the output below:
  6. Now we need to set it up to use the SQL database for authentication instead of the text file.
  7. Stop freeradius again:
  8. Locate the following line and uncomment it, then save and quit
  9. Edit another file: vi /etc/freeradius/sites-available/default
    Locate the following line under the “authorize” section and uncomment it
    Locate the line under the “session” section and uncomment that as well, then save and exit the file.
  10. Now run freeradius again in debug mode
  11. You should see the output below if everything works fine:

Create Freeradius mysql account

  1. Login to mysql
  2. Create user account
  3. Set password
  4. Grant privileges
  5. Quit

Update SQL account details for Freeradius

  1. Edit the file /etc/freeradius/sql.conf
  2. Locate the following line and update the details accordingly
    and change it to…
  3. Uncomment the line.
  4. Save and exit

Configure daloRadius MySQL Account

  1. Edit the file /var/www/daloradius-0.9-9/library/daloradius.conf.php
  2. Locate the lines
    and change the value settings to:
    $configValues['CONFIG_DB_NAME'] = 'radiusdb';
    Save the file and exit.

Tip: It's better to rename the long daloradius name to a simpler one.

About the author

Ambi