FreeRadius + VPN Clients

youness hsina youness.hsina at gmail.com
Thu Jun 5 13:31:41 CEST 2008


I have already added my VPN router to my client.conf file like this:

[...]

client 10.0.0.0/8 {
    secret = root
    shortname = cisco vpn
    nastype = cisco
}

[...]


The router is also already configured. Here is the configuration:

Building configuration...

Current configuration : 1809 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname vpn
!
boot-start-marker
boot-end-marker
!
!
memory-size iomem 10
aaa new-model
!
!
aaa authentication login default local line
aaa authentication login userauthen group radius
aaa authentication ppp default group radius
aaa authorization console
aaa authorization exec default local
aaa authorization network VPN-REMOTE-ACCESS local
aaa accounting delay-start
aaa accounting update periodic 180
aaa accounting network default start-stop group radius
aaa session-id common
ip subnet-zero
!
!
ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
username root password 0 root
!
!
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp keepalive 20 10
!
crypto isakmp client configuration group VPN-REMOTE-ACCESS
key test123
dns 192.168.33.240 192.168.33.239
pool REMOTE-POOL
!
!
crypto ipsec transform-set VPNTRANSFORM esp-3des esp-sha-hmac
no crypto ipsec nat-transparency udp-encaps
!
crypto dynamic-map DYNMAP 1
set transform-set VPNTRANSFORM
reverse-route
!
!
crypto map CLIENTMAP client authentication list userauthen
crypto map CLIENTMAP isakmp authorization list VPN-REMOTE-ACCESS
crypto map CLIENTMAP client configuration address respond
crypto map CLIENTMAP 65535 ipsec-isakmp dynamic DYNMAP
!
!
!
!
interface Ethernet0/0
ip address 10.0.0.1 255.255.255.0
full-duplex
!
interface Ethernet1/0
ip address 192.168.33.31 255.255.255.0
full-duplex
crypto map CLIENTMAP
!
ip local pool REMOTE-POOL 10.0.0.10 10.0.0.15
ip http server
no ip http secure-server
ip classless
!
!
!
!
radius-server configure-nas
radius-server host 10.0.0.2 auth-port 1812 acct-port 1813
radius-server key root
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
!
!
end

I have made a test on my router to query the RADIUS server:
routerVPN# test aaa group login password radius new-code
and it works correctly!

To make a VPN connection with a client I'm using the "UGent Vpn" software.
I saw in the documentation on Cisco's site that I must configure
"cisco-av-pair" in the RADIUS server, but I don't know how and I don't have a
graphical mode.
Here is the Cisco web site:
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800949ba.shtml#rad_cfg

Thank you very much for your responses ;-)
uness
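
A check a reviewer could run over the router configuration posted above, flagging the cleartext credentials, legacy crypto and reused secrets visible in it. This is an added example, not part of the original post; the rule ids, the `audit` function and the 16-character threshold applied to every secret are assumptions of this example.

```python
import re

# Constructed sample: lines excerpted from the router configuration in the post.
SAMPLE_CONFIG = """\
no service password-encryption
username root password 0 root
crypto isakmp policy 1
encr 3des
group 2
crypto isakmp client configuration group VPN-REMOTE-ACCESS
key test123
crypto ipsec transform-set VPNTRANSFORM esp-3des esp-sha-hmac
ip http server
radius-server key root
"""

# Hypothetical rule ids for this example: (id, pattern, reason).
RULES = [
    ("cleartext-password", r"^username \S+ password 0 ", "type 0 password stored in clear text"),
    ("password-encryption-off", r"^no service password-encryption$", "secrets are shown unobscured in the config"),
    ("legacy-3des", r"^encr 3des$|\besp-3des\b", "3DES is a legacy 64-bit block cipher"),
    ("dh-group-2", r"^group 2$", "DH group 2 is a 1024-bit MODP group"),
    ("http-management", r"^ip http server$", "device management over unencrypted HTTP"),
]
SECRET = re.compile(r"^(?:radius-server key|key|username \S+ password 0) (\S+)$")
USERNAME = re.compile(r"^username (\S+) ")
MIN_SECRET_LEN = 16  # RFC 2865 prefers >= 16 octets for RADIUS secrets; applied to all secrets here (assumption)


def audit(config):
    """Return (line_no, rule_id, reason) findings for an IOS config, in line order."""
    lines = [line.strip() for line in config.splitlines()]
    users = {m.group(1) for line in lines if (m := USERNAME.match(line))}
    findings = []
    for no, line in enumerate(lines, 1):
        for rule_id, pattern, reason in RULES:
            if re.search(pattern, line):
                findings.append((no, rule_id, reason))
        m = SECRET.match(line)
        if m and m.group(1) in users:
            findings.append((no, "secret-equals-username", "secret matches a local username"))
        elif m and len(m.group(1)) < MIN_SECRET_LEN:
            findings.append((no, "short-secret", f"secret shorter than {MIN_SECRET_LEN} characters"))
    return findings


if __name__ == "__main__":
    for no, rule_id, reason in audit(SAMPLE_CONFIG):
        print(f"line {no}: {rule_id}: {reason}")
```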