Community discussions

MikroTik App
 
roadracer96
Forum Veteran
Forum Veteran
Topic Author
Posts: 730
Joined: Tue Aug 25, 2009 12:01 am

OpenVPN doesnt support RADIUS?

Tue Dec 29, 2009 6:32 pm

Doh!

OpenVPN server doesnt support RADIUS authentication? It sends accounting packets to RADIUS, but doesnt authenticate...


Any ideas?
 
User avatar
bluecrow76
newbie
Posts: 33
Joined: Wed Sep 13, 2006 11:55 pm

Re: OpenVPN doesnt support RADIUS?

Sat Jun 12, 2010 1:02 am

I'm experiencing the same behavior on 4.10 with OpenVPN. PPTP and L2TP will authenticate using radius, but not OpenVPN. The log shows the packets being sent and received but authentication consistently fails. I have only had success using the local user database.
 
User avatar
bluecrow76
newbie
Posts: 33
Joined: Wed Sep 13, 2006 11:55 pm

Re: OpenVPN doesnt support RADIUS?

Sat Jun 12, 2010 1:26 am

Okay, so as usual with a little persistence and proper debugging, the solution has presented itself.

The NAS-Port-Type presented by the OpenVPN server is 0 (Async), whereas when using PPTP it's 5 (Virtual). Make sure your radius policies allow NAS-Port-Type to also be equal to 0.

The other issue was the Mikrotik is using unencrypted authentication between itself and the radius server, so you must tell the radius server to allow unencrypted authentication.

Then and only then will it work for you! Woohoo!
 
roadracer96
Forum Veteran
Forum Veteran
Topic Author
Posts: 730
Joined: Tue Aug 25, 2009 12:01 am

Re: OpenVPN doesnt support RADIUS?

Sat Jun 12, 2010 1:34 am

Yeah, I figured it out. I cant remember what it was... But it did work...
 
AbyssMoon
just joined
Posts: 4
Joined: Fri Jan 16, 2015 8:36 am

Re: OpenVPN doesnt support RADIUS?

Fri Jan 16, 2015 8:43 am

I've spent on this problem with the Radius and openvpn lot of time.
Hint: look at the logging raidus server (in my case radius server was based on windows)

Most interestingly, pptp and radius on my device mikrotik worked for over a year.
I decided to add openvpn server and in this case the authorization did not pass.
The logs saw the reason why the radius did not give authorization.
Reason code = 66.
Reason = The user attempted to use an authentication method that is not enabled on the matching remote access policy.

Enabled at the radius of any authentication method and it worked ...
I wonder why mikrotik uses a different authentication method for authentication pptp and openvpn through the radius?
 
User avatar
juliokato
Member Candidate
Member Candidate
Posts: 228
Joined: Mon Oct 26, 2015 4:27 pm
Location: Brazil

Re: OpenVPN doesnt support RADIUS?

Mon Jun 06, 2016 7:23 pm

I have the same problem, but with freeradius not work. I can not enable all authentication methods.

Who is online

Users browsing this forum: GoogleOther [Bot], intania, jaclaz and 73 guests