Using VyOS 999.201709092137 I'm not able to use RADIUS as my authentication backend for L2TP VPN.
This gives the following error during a connection attempt:
Oct 27 17:48:26 AC1 xl2tpd[2419]: Connection established to xxx.xxx.185.181, 52081. Local: 51934, Remote: 7 (ref=0/0). LNS session is 'default'
Oct 27 17:48:26 AC1 xl2tpd[2419]: Call established with xxx.xxx.185.181, Local: 34544, Remote: 679, Serial: 1
Oct 27 17:48:26 AC1 pppd[4907]: pppd 2.4.6 started by root, uid 0
Oct 27 17:48:26 AC1 zebra[1525]: interface ppp0 index 12 <POINTOPOINT,NOARP,MULTICAST> added.
Oct 27 17:48:26 AC1 pppd[4907]: Connect: ppp0 <--> /dev/pts/1
Oct 27 17:48:29 AC1 zebra[1525]: interface ppp0 mtu changed from 1500 to 1400
Oct 27 17:48:29 AC1 pppd[4907]: rc_read_dictionary: couldn't open dictionary /etc/radiusclient-ng/dictionary.merit: No such file or directory
Oct 27 17:48:29 AC1 pppd[4907]: RADIUS: Can't read dictionary file /etc/radiusclient-ng/dictionary-ravpn
Oct 27 17:48:29 AC1 pppd[4907]: Peer <user> failed CHAP authentication
Oct 27 17:48:29 AC1 pppd[4907]: Modem hangup
Oct 27 17:48:29 AC1 pppd[4907]: Connection terminated.
Oct 27 17:48:45 AC1 xl2tpd[2419]: Connection established to xxx.xxx.185.181, 58644. Local: 44906, Remote: 8 (ref=0/0). LNS session is 'default'
Oct 27 17:48:45 AC1 xl2tpd[2419]: Call established with xxx.xxx.185.181, Local: 5753, Remote: 681, Serial: 1
Oct 27 17:48:45 AC1 pppd[5482]: pppd 2.4.6 started by root, uid 0
Oct 27 17:48:45 AC1 pppd[5482]: Connect: ppp0 <--> /dev/pts/1
Oct 27 17:48:48 AC1 pppd[5482]: rc_read_dictionary: couldn't open dictionary /etc/radiusclient-ng/dictionary.merit: No such file or directory
Oct 27 17:48:48 AC1 pppd[5482]: RADIUS: Can't read dictionary file /etc/radiusclient-ng/dictionary-ravpn
Oct 27 17:48:48 AC1 pppd[5482]: Peer <user> failed CHAP authentication
Oct 27 17:48:48 AC1 pppd[5482]: Modem hangup
Oct 27 17:48:48 AC1 pppd[5482]: Connection terminated.
Configuration is straightforward:
cpo@AC1# show vpn l2tp remote-access authentication
 mode radius
 radius-server <server> {
     key <secret>
 }
To double-check my radius connectivity I installed the FreeRADIUS client utilities (freeradius-utils) and performed a simple radtest which resulted in:
# radtest -4 <user> <pass> <radius-server> 0 <secret>
Sending Access-Request of id 154 to <radius-server> port 1812
        User-Name = "<user>"
        User-Password = "<pass>"
        NAS-IP-Address = 127.0.1.1
        NAS-Port = 0
        Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Accept packet from host <radius-server> port 1812, id=154, length=78
        Framed-Protocol = PPP
        Service-Type = Framed-User
        Class = 0xfoofooofoofoofoofoofoo
This confirms that the connectivity is working!
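The log above shows why a "failed CHAP authentication" line on its own is misleading: the pppd RADIUS plugin could not load its dictionaries, so the failure is a client-side misconfiguration rather than a rejected credential. The following triage script is an added example (not part of this report or of VyOS) that groups pppd syslog lines by PID and separates the two cases; the sample log is constructed from the lines above, with the second session altered to show a CHAP failure without a dictionary error.

```python
import re
from collections import defaultdict

# Constructed sample adapted from the report: session 4907 is reproduced as logged,
# session 5482 is altered to have no dictionary error before its CHAP failure.
SAMPLE_LOG = """\
Oct 27 17:48:26 AC1 pppd[4907]: pppd 2.4.6 started by root, uid 0
Oct 27 17:48:29 AC1 pppd[4907]: rc_read_dictionary: couldn't open dictionary /etc/radiusclient-ng/dictionary.merit: No such file or directory
Oct 27 17:48:29 AC1 pppd[4907]: RADIUS: Can't read dictionary file /etc/radiusclient-ng/dictionary-ravpn
Oct 27 17:48:29 AC1 pppd[4907]: Peer <user> failed CHAP authentication
Oct 27 17:48:29 AC1 pppd[4907]: Connection terminated.
Oct 27 17:48:45 AC1 pppd[5482]: pppd 2.4.6 started by root, uid 0
Oct 27 17:48:48 AC1 pppd[5482]: Peer <user> failed CHAP authentication
Oct 27 17:48:48 AC1 pppd[5482]: Connection terminated.
"""

# Only pppd lines matter here; xl2tpd and zebra lines are ignored by the matcher.
LINE_RE = re.compile(r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) pppd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
DICT_RE = re.compile(r"(?:couldn't open dictionary|Can't read dictionary file) (?P<path>[^\s:]+)")
CHAP_RE = re.compile(r"Peer (?P<peer>\S+) failed CHAP authentication")


def classify_sessions(log_text):
    """Return {pid: (verdict, [dictionary paths that failed to load])}.

    A CHAP failure preceded by a RADIUS dictionary load error in the same pppd
    process is classified as a client misconfiguration; a CHAP failure without
    one is left as a credential or server-side rejection worth a closer look.
    """
    sessions = defaultdict(lambda: {"dict_errors": [], "chap_peer": None})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        s = sessions[m.group("pid")]
        d = DICT_RE.search(m.group("msg"))
        if d:
            s["dict_errors"].append(d.group("path"))
        c = CHAP_RE.search(m.group("msg"))
        if c and s["chap_peer"] is None:
            s["chap_peer"] = c.group("peer")
    verdicts = {}
    for pid, s in sessions.items():
        if s["chap_peer"] is None:
            verdicts[pid] = ("no_chap_failure", s["dict_errors"])
        elif s["dict_errors"]:
            verdicts[pid] = ("radius_client_misconfig", s["dict_errors"])
        else:
            verdicts[pid] = ("credential_or_server_reject", [])
    return verdicts


if __name__ == "__main__":
    for pid, (verdict, paths) in classify_sessions(SAMPLE_LOG).items():
        print(pid, verdict, paths)
```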