Doh!
OpenVPN server doesnt support RADIUS authentication? It sends accounting packets to RADIUS, but doesnt authenticate…
Any ideas?
I’m experiencing the same behavior on 4.10 with OpenVPN. PPTP and L2TP will authenticate using radius, but not OpenVPN. The log shows the packets being sent and received but authentication consistently fails. I have only had success using the local user database.
Okay, so as usual with a little persistence and proper debugging, the solution has presented itself.
The NAS-Port-Type presented by the OpenVPN server is 0 (Async), whereas when using PPTP it’s 5 (Virtual). Make sure your radius policies allow NAS-Port-Type to also be equal to 0.
The other issue was the Mikrotik is using unencrypted authentication between itself and the radius server, so you must tell the radius server to allow unencrypted authentication.
Then and only then will it work for you! Woohoo!
Yeah, I figured it out. I cant remember what it was… But it did work…
I’ve spent on this problem with the Radius and openvpn lot of time.
Hint: look at the logging raidus server (in my case radius server was based on windows)
Most interestingly, pptp and radius on my device mikrotik worked for over a year.
I decided to add openvpn server and in this case the authorization did not pass.
The logs saw the reason why the radius did not give authorization.
Reason code = 66.
Reason = The user attempted to use an authentication method that is not enabled on the matching remote access policy.
Enabled at the radius of any authentication method and it worked …
I wonder why mikrotik uses a different authentication method for authentication pptp and openvpn through the radius?
I have the same problem, but with freeradius not work. I can not enable all authentication methods.