freeRADIUS + POPTOP
Neville
nev at itsnev.co.uk
Sun May 24 02:00:21 CEST 2009
>> I've searched the INTERNET for 5 days now and late into the evening, but
>> I'm totally stumped in resolving my problem, so I would appreciate any
>> guidance from the experts. I've configured as per the many guides I've
>> found and have a basic understanding of how this all works, but there is
>> no information anywhere on how to set up the Users / Client details for
>> freeRADIUS.
>
> Did you try reading comments in users file and clients.conf i.e. files you
> were about to change?

First THANKS for replying...
I did, but still cannot work out what I'm doing wrong on this as there are so
many guides and different ways of doing things, or that's how it seems.
Everything authenticates ok and the correct IP is allocated now, but I'm not
able to BROWSE any sites and cannot even ping the IP address given to the
PPP adapter. I can only access the VPN, but none of the traffic seems to
be routing correctly. Can you offer any further support, please?

Windows IP Configuration
PPP adapter testvpn
Connection-specific DNS Suffix . :
IPv4 Address. . . . . . . . . . . : 10.0.0.168
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 0.0.0.0

C:\Users\Nev>ping 10.0.0.168
Pinging 10.0.0.168 with 32 bytes of data:
General failure.
General failure.
General failure.
General failure.
Ping statistics for 10.0.0.168:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

ppp0 Link encap:Point-to-Point Protocol
inet addr:10.0.0.1 P-t-P:10.0.0.168 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1400 Metric:1
RX packets:3890 errors:0 dropped:0 overruns:0 frame:0
TX packets:1731 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:442107 (431.7 KiB) TX bytes:108501 (105.9 KiB)

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 10.0.0.0/24 anywhere

[root log]# cat /etc/sysctl.conf
# Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
# sysctl.conf(5) for more details.
# Controls IP packet forwarding
net.ipv4.ip_forward = 1
[root log]# cat /proc/sys/net/ipv4/ip_forward
1

RADIUS LOG..
+- entering group post-auth {...}
[test_pool] expand: %{NAS-IP-Address} %{NAS-Port} -> 127.0.0.1 0
[test_pool] MD5 on 'key' directive maps to: ee0282d57992a30bce29ea43d092ac16
[test_pool] Searching for an entry for key:
'ee0282d57992a30bce29ea43d092ac16'
rlm_ippool: Allocating ip to key: 'ee0282d57992a30bce29ea43d092ac16'
[test_pool] num: 1
[test_pool] Allocated ip 10.0.0.168 to client key:
ee0282d57992a30bce29ea43d092ac16
++[test_pool] returns ok
++[exec] returns noop
Sending Access-Accept of id 95 to 127.0.0.1 port 51514
Service-Type = Framed-User
Session-Timeout = 65000
Framed-Protocol = PPP
Framed-MTU = 1400
MS-CHAP2-Success =
0xf2533d35303143344543324435364631324646424434313043314445303236314244324642323145323238
MS-MPPE-Recv-Key = 0x39c2ccda839a57b64583b1f3a55ed07e
MS-MPPE-Send-Key = 0xeaa3b2169241344554880f6e3a6f956b
MS-MPPE-Encryption-Policy = 0x00000001
MS-MPPE-Encryption-Types = 0x00000006
Framed-IP-Address = 10.0.0.168
Framed-IP-Netmask = 255.255.255.0
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Accounting-Request packet from host 127.0.0.1 port 40285, id=96,
length=97
Acct-Session-Id = "4A1897253C3400"
User-Name = "test1"
Acct-Status-Type = Start
Service-Type = Framed-User
Framed-Protocol = PPP
Acct-Authentic = RADIUS
NAS-Port-Type = Async
Framed-IP-Address = 10.0.0.168
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
Acct-Delay-Time = 0
+- entering group preacct {...}
++[preprocess] returns ok
[acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address =
127.0.0.1,NAS-IP-Address = 127.0.0.1,Acct-Session-Id =
"4A1897253C3400",User-Name = "test1"'
[acct_unique] Acct-Unique-Session-ID = "2855668f1c6c9940".
++[acct_unique] returns ok
[suffix] No '@' in User-Name = "test1", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[files] returns noop
+- entering group accounting {...}
[detail] expand:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d ->
/usr/local/var/log/radius/radacct/127.0.0.1/detail-20090524
[detail]
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands
to /usr/local/var/log/radius/radacct/127.0.0.1/detail-20090524
[detail] expand: %t -> Sun May 24 00:39:01 2009
++[detail] returns ok
++[unix] returns ok
[radutmp] expand: /usr/local/var/log/radius/radutmp ->
/usr/local/var/log/radius/radutmp
[radutmp] expand: %{User-Name} -> test1
++[radutmp] returns ok
[test_pool] This is not an Accounting-Stop. Return NOOP.
++[test_pool] returns noop
[attr_filter.accounting_response] expand: %{User-Name} -> test1
attr_filter: Matched entry DEFAULT at line 12
++[attr_filter.accounting_response] returns updated
Sending Accounting-Response of id 96 to 127.0.0.1 port 40285
Finished request 1.
Cleaning up request 1 ID 96 with timestamp +56
Going to the next request
Waking up in 3.0 seconds.
Cleaning up request 0 ID 95 with timestamp +54
Ready to process requests.

>> The problem, I'm facing is the allocation of IP address / GW / DNS by
>> freeRADIUS for the VPN connections coming onto my server.
>>
>> my service PrivateIP address is 19x.xxx.xxx.190
>>
>> I've iptables setup to forward all NAT traffic through the PRIVATEIP, but
>> allocation of a GW of 10.0.0.1 and a Client IP of 10.0.0.200
>>
>> However, when I connect and freeRADIUS authenticates me SUCCESSFULLY, I
>> get given an IP of 192.168.2.82 from the test_pool, but pool range-start =
>> 10.0.0.100 range-stop = 10.0.0.199 which is totally different to the
>> address allocated by the pool. ANY IDEAS?
>
> Was test_pool once upon a time in 192.168.2.x range? When you change the
> IP range you need to delete db files. This is clearly stated in the ippool
> module i.e. the file you have changed.

I did not delete this, as this was the first time test_pool was used,
however this proved to be the issue and I thank you for that. So it must
have come in as part of the RPM.
More information about the Freeradius-Users mailing list
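Added example, not part of the original message or of FreeRADIUS: a check for the stale-pool symptom discussed in this thread, which reads the pool's `range-start` / `range-stop` settings and flags any `[pool] Allocated ip ...` debug line whose address lies outside that range. The function names and the sample config and log text are constructed for illustration; the log line format and the addresses are the ones quoted in the message.

```python
import ipaddress
import re

ALLOC_RE = re.compile(
    r"^\[(?P<pool>[^\]]+)\]\s+Allocated ip (?P<ip>\d{1,3}(?:\.\d{1,3}){3})\b")
RANGE_RE = re.compile(r"\b(range-start|range-stop)\s*=\s*(\d{1,3}(?:\.\d{1,3}){3})")

# Constructed sample input, modelled on the values quoted in the thread.
SAMPLE_CONFIG = """\
ippool test_pool {
    # range-start = 192.168.2.1   (old value, commented out)
    range-start = 10.0.0.100
    range-stop = 10.0.0.199
}
"""
SAMPLE_LOG = """\
rlm_ippool: Allocating ip to key: 'ee0282d57992a30bce29ea43d092ac16'
[test_pool] Allocated ip 192.168.2.82 to client key: ee0282d57992a30bce29ea43d092ac16
[test_pool] Allocated ip 10.0.0.168 to client key: ee0282d57992a30bce29ea43d092ac16
"""

def parse_pool_range(config_text):
    """Return (start, stop) from an ippool block, ignoring '#' comments."""
    found = {}
    for line in config_text.splitlines():
        for key, value in RANGE_RE.findall(line.split("#", 1)[0]):
            found[key] = ipaddress.IPv4Address(value)
    if set(found) != {"range-start", "range-stop"}:
        raise ValueError("config must set both range-start and range-stop")
    if found["range-start"] > found["range-stop"]:
        raise ValueError("range-start is above range-stop")
    return found["range-start"], found["range-stop"]

def stale_allocations(log_text, start, stop):
    """List (line_no, pool, ip) for allocations outside [start, stop]."""
    hits = []
    for line_no, line in enumerate(log_text.splitlines(), 1):
        match = ALLOC_RE.match(line.strip())
        if not match:
            continue
        try:
            ip = ipaddress.IPv4Address(match["ip"])
        except ValueError:      # e.g. an octet above 255 in a damaged log line
            continue
        if not start <= ip <= stop:
            hits.append((line_no, match["pool"], str(ip)))
    return hits

if __name__ == "__main__":
    lo, hi = parse_pool_range(SAMPLE_CONFIG)
    for line_no, pool, ip in stale_allocations(SAMPLE_LOG, lo, hi):
        print(f"line {line_no}: {pool} handed out {ip}, outside {lo}-{hi}")
```

A hit means the pool is still serving leases recorded under an earlier range, which is the case the reply addresses by deleting the pool's db files after changing the range.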