I am working on a setup which involves VPN authentication against Azure Active Directory. Lots of people told me it can't work but there's actually a really nice module made for FreeRADIUS - https://github.com/jimdigriz/freeradius-oauth2-perl
It uses OAuth2 to talk to Azure AD, and it works pretty well. One of the drawbacks is that PAP needs to be used, so the password is transported in cleartext to Azure AD.
Right now, I can successfully authenticate against Azure AD when I set PPTP as the type of VPN used. The Mikrotik receives the request, forwards it to the FreeRADIUS server which talks to Azure AD and it successfully sends back an Access-Accept response. The PPTP VPN connection is established using the credentials of the cloud-based Azure AD account. Awesome.
Problem is, when I set the VPN type to L2TP w/ PSK, it stops working. I initiate a connection from a Windows machine, and the log on the Mikrotik says the following:
respond new phase 1 (Identity Protection): MY.PUBLIC.IP[500] <=>OTHER.PUBLIC.IP[500]
ISAKMP-SA established MY.PUBLIC.IP[4500]-OTHER.PUBLIC.IP[4500]
first L2TP UDP packet received from MY.PUBLIC.IP
ISAKMP-SA deleted MY.PUBLIC.IP[4500]-OTHER.PUBLIC.IP[4500]
purging ISAKMP-SA 85.114.46.131 MY.PUBLIC.IP[4500]-OTHER.PUBLIC.IP[4500]
So TL;DR:
1) Set up RADIUS server which talks to Azure AD for authentication
2) Set up Mikrotik to talk to RADIUS for PPP authentication
3) Tested PPTP VPN with this setup - can confirm it works, RADIUS receives the requests and successfully authenticates against Azure AD
4) Same setup used only with L2TP w/ PSK - router receives the request but never forwards it to RADIUS
4.1) Exact logs of the request can be seen above
4.2) RADIUS server in debug mode does not receive any request
5) L2TP connection times out with the above stated error message on the client side
Any ideas on what is causing the issue?
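One way to separate the router side from the RADIUS side is to send the same kind of PAP Access-Request the Mikrotik would send, directly from a host that is allowed as a NAS, and check that the reply is genuine. This is an added Python script, not code from the post or from the freeradius-oauth2-perl project; the shared secret, host and credentials are constructed placeholders, and it implements the RFC 2865 User-Password hiding and Response Authenticator check itself so it runs without extra packages.

```python
import hashlib
import os
import socket
import struct

# Constructed placeholder; use the NAS secret configured for your RADIUS client entry.
SECRET = b"shared-secret-configured-on-the-mikrotik"

def pap_encode(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 5.2: hide the PAP password by XORing 16-byte blocks with an MD5 chain."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        block = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out, prev = out + block, block
    return out

def pap_decode(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Inverse of pap_encode (what the server does before it sees the cleartext password)."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ k for c, k in zip(hidden[i:i + 16], key))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def build_access_request(username: bytes, password: bytes, secret: bytes,
                         identifier: int = 1, authenticator: bytes = b""):
    """Code 1 header, random Request Authenticator, User-Name(1) and User-Password(2)."""
    auth = authenticator or os.urandom(16)
    attrs = b"".join(struct.pack("!BB", t, len(v) + 2) + v
                     for t, v in ((1, username), (2, pap_encode(password, secret, auth))))
    return struct.pack("!BBH", 1, identifier, 20 + len(attrs)) + auth + attrs, auth

def build_reply(code: int, identifier: int, request_auth: bytes, secret: bytes, attrs: bytes = b"") -> bytes:
    """Server-side reply: Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attrs+Secret)."""
    head = struct.pack("!BBH", code, identifier, 20 + len(attrs))
    return head + hashlib.md5(head + request_auth + attrs + secret).digest() + attrs

def response_is_authentic(reply: bytes, request_auth: bytes, secret: bytes) -> bool:
    """Reject replies whose Response Authenticator does not match our request and secret."""
    if len(reply) < 20 or struct.unpack("!H", reply[2:4])[0] != len(reply):
        return False
    expected = hashlib.md5(reply[:4] + request_auth + reply[20:] + secret).digest()
    return reply[4:20] == expected

def probe(host: str, username: bytes, password: bytes, secret: bytes, port: int = 1812):
    """Send one PAP Access-Request; return (reply code, authenticator valid). 2=Accept, 3=Reject."""
    pkt, auth = build_access_request(username, password, secret)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(5)
        s.sendto(pkt, (host, port))
        reply, _ = s.recvfrom(4096)
    return reply[0], response_is_authentic(reply, auth, secret)
```

If `probe()` returns an authentic Access-Accept while the FreeRADIUS debug output still shows nothing during an L2TP attempt, the RADIUS path is fine and the request is being dropped before the PPP authentication stage on the router.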