IKEv2 vpn authenticate by freeradius

Alan DeKok aland at deployingradius.com
Wed Jun 22 14:40:48 UTC 2022

On Jun 22, 2022, at 10:01 AM, 网络时代 via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> In the actual test, freeradius sends Access-Accept,See the last output section below. The router log shows that the authentication fails. MikroTik tech support can't find a reason so far.

  Then blame Mikrotik.  If FreeRADIUS sends an Access-Accept, and the router log shows failure, then the problem is the router.

> All certificates are created in freeradius and imported into ROS.
> [e_zhangiso at myradius ~]$ su Password:  [root at myradius e_zhangiso]# radtest vtest1 zsl123 localhost 18120 testing123 Sent Access-Request Id 19 from to length 76 	User-Name = "vtest1" 	User-Password = "zsl123" 	NAS-IP-Address = 	NAS-Port = 18120 	Message-Authenticator = 0x00 	Cleartext-Password = "zsl123" Received Access-Accept Id 19 from to length 20 [root at myradius e_zhangiso]# cd /usr/local/bin/ [root at myradius bin]# ls dbus-cleanup-sockets                radattr dbus-daemon                         radclient dbus-launch                         radcrypt dbus-monitor                        radeapclient dbus-run-session                    radlast dbus-send                           radsqlrelay dbus-test-tool                      radtest dbus-update-activation-environment  radwho dbus-uuidgen                        radzap dhcpclient                          smbencrypt eapol_test                          ttls-eap-mschapv2.conf map_unit                            x86_64-unknown-linux-gnu-pkg-config peap-mschapv2.conf                  xmlwf pkg-config 

  That is completely unreadable.

  But... if eapol_test works, and FreeRADIUS sends Access-Accept, then the problem isn't FreeRADIUS.

  Alan DeKok.

More information about the Freeradius-Users mailing list