 From:  "Chris Buechler" <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Radius through VPN
 Date:  Thu, 25 Sep 2008 09:39:49 -0400
On Thu, Sep 25, 2008 at 7:42 AM, Christian Decker
<decker dot christian at gmail dot com> wrote:
> Hi all,
>
> I'm trying to set up a system that is distributed across multiple
> locations. I figured that I could link the locations together with VPN
> and have a freeradius server at our main location and then
> authenticate the users through that VPN link.
> My main location has the network 192.168.2.0/24 and the first side
> location has 192.168.3.0/24. VPN is set up correctly in that I can
> ping all machines from one side to the other. The radius server is
> working correctly and as long as I have it on the LAN side of my main
> location my main location is able to authenticate users against it,
> but when I try to activate the captive portal on my side location it
> always gives me a bad authentication attempt:
>
> Sep 25 13:34:40         ERROR: cxd, 00:0f:1f:cd:53:49, 192.168.3.216, Error
> sending request: No valid RADIUS responses received
>
> The really strange thing is that if I test it with the captive portal
> off and with radtest all looks fine.
>
> $ radtest cxd password 192.168.2.4 1812 secret
> Sending Access-Request of id 158 to 192.168.2.4 port 1812
>        User-Name = "cxd"
>        User-Password = "password"
>        NAS-IP-Address = 255.255.255.255
>        NAS-Port = 1812
> rad_recv: Access-Accept packet from host 192.168.2.4:1812, id=158, length=20
>
> Any idea what's going wrong?
>

You need a static route, same as:
http://doc.m0n0.ch/handbook/faq-snmpovervpn.html

-Chris
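
Added example, not part of the original thread or of m0n0wall: a simplified Python model of why the static route matters, assuming (as the linked FAQ describes) that traffic the firewall itself originates is sourced from its WAN address and so never matches the IPsec tunnel's subnets. The subnets, RADIUS server and client address come from the post; the interface addresses `203.0.113.10` and `192.168.3.1` and all function names are constructed for illustration.

```python
import ipaddress

# IPsec tunnel selectors at the side location (subnets from the post).
LOCAL_NET = ipaddress.ip_network("192.168.3.0/24")
REMOTE_NET = ipaddress.ip_network("192.168.2.0/24")
RADIUS_SERVER = ipaddress.ip_address("192.168.2.4")

# Constructed interface addresses for the side-location firewall (assumptions).
INTERFACES = {
    "wan": ipaddress.ip_address("203.0.113.10"),
    "lan": ipaddress.ip_address("192.168.3.1"),
}


def default_routes():
    """Routing table before the fix: default via WAN, local subnet on LAN."""
    return [
        (ipaddress.ip_network("0.0.0.0/0"), "wan"),
        (LOCAL_NET, "lan"),
    ]


def pick_source(dst, routes):
    """Longest-prefix match picks the interface; its address becomes the source."""
    matches = [(net, ifname) for net, ifname in routes if dst in net]
    _, ifname = max(matches, key=lambda m: m[0].prefixlen)
    return INTERFACES[ifname]


def enters_tunnel(src, dst):
    """A packet is tunnelled only if both ends match the tunnel's subnets."""
    return src in LOCAL_NET and dst in REMOTE_NET


def radius_from_firewall(routes):
    """Source address and tunnel decision for the captive portal's request."""
    src = pick_source(RADIUS_SERVER, routes)
    return src, enters_tunnel(src, RADIUS_SERVER)


if __name__ == "__main__":
    routes = default_routes()
    print("no static route:  ", radius_from_firewall(routes))
    # Static route for the remote subnet bound to the LAN interface.
    routes.append((REMOTE_NET, "lan"))
    print("with static route:", radius_from_firewall(routes))
    # A host on the side LAN already has a source inside LOCAL_NET.
    lan_host = ipaddress.ip_address("192.168.3.216")
    print("LAN host:         ", enters_tunnel(lan_host, RADIUS_SERVER))
```

With the route in place the request reaches the RADIUS server from the firewall's LAN address, so that is the address the server's client entry and shared secret have to be defined for.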