Pre-requisites
Install OpenVPN on DiskStation
Install OpenLDAP on DiskStation
Install FreeRadius and integrate it with OpenLDAP
In order to let FreeRadius act as the authentication server for OpenVPN, we need a RADIUS plugin. I’ve tried the RadiusPlugin and it is working well so far.
* I’m currently using version 2.0. The 2.1 beta plugin was not able to read the configuration file, so openvpn failed to initialize the plugin.
To install the plugin, we need to compile it on the NAS. I’ve tried cross compiling, but the binary is not working for some reason.
Native compile the RadiusPlugin 2.0c
- Login as root
- Compile the plugin
# ipkg --force-depends install gcc
# ipkg --force-depends install make
# ipkg --force-depends install libgcrypt
# ipkg --force-depends install libstdc++
# cd ~
# wget http://www.nongnu.org/radiusplugin/radiusplugin_v2.0c.tar.gz
# tar xvzf radiusplugin_v2.0c.tar.gz
# cd radiusplugin_v2.0c
# make
- Copy the config file and plugin to openvpn directory
# mkdir /opt/etc/openvpn/lib
# cp /root/radiusplugin_v2.0c/radiusplugin.so /opt/etc/openvpn/lib
# cp /root/radiusplugin_v2.0c/radiusplugin.cnf /opt/etc/openvpn/config
Configure OpenVPN Server
- Edit the /opt/etc/openvpn/config/radiusplugin.cnf
NAS-Identifier=OpenVpn
Service-Type=5
Framed-Protocol=1
NAS-Port-Type=5
# The NAS IP address which is sent to the RADIUS server
NAS-IP-Address=127.0.0.1
# Path to the OpenVPN config file.
OpenVPNConfig=/opt/etc/openvpn/config/openvpn.conf
subnet=255.255.255.0
# I don't wish the plugin to write the client's CCD
# file for me, so I set false here. If you have
# enabled client-config-dir and want the plugin
# to write the client's file for you, set to true here.
# Just make sure the ccd directory is writable by
# the OpenVPN instance.
overwriteccfiles=false
server {
# The UDP port for radius accounting.
acctport=1813
# The UDP port for radius authentication.
authport=1812
# The name or ip address of the radius server.
name=127.0.0.1
# How many times should the plugin send the request if there is no response?
retry=1
# How long should the plugin wait for a response?
wait=1
# The shared secret. Refer to the Radius's config
# /opt/etc/raddb/clients.conf (client localhost section)
sharedsecret=testpw
}
- Edit the /opt/etc/openvpn/config/openvpn.conf
plugin /opt/etc/openvpn/lib/radiusplugin.so /opt/etc/openvpn/config/radiusplugin.cnf
- Restart OpenVPN Server
# /bin/killall openvpn
# /opt/etc/init.d/S20openvpn
- The plugin needs to write a temporary file to the /tmp directory. If you jailed the openvpn process, create a tmp directory under the jail path.
# mkdir /opt/etc/openvpn/jail/tmp
# chmod 777 /opt/etc/openvpn/jail/tmp
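As an added example, not code from the original post or from the RadiusPlugin project, the following Python script parses a radiusplugin.cnf in the layout used above and flags the settings worth checking before the server goes live: a missing, short or placeholder sharedsecret, a RADIUS server that is not on the same host (RADIUS over UDP only obfuscates User-Password, everything else travels in clear), malformed ports, and overwriteccfiles=true. The embedded sample is constructed from the configuration above; MIN_SECRET_LEN and PLACEHOLDER_SECRETS are my own policy thresholds, not values from the plugin or from FreeRADIUS, and the parser expects one setting per line as a real file has them.

```python
"""Parse and audit a RadiusPlugin radiusplugin.cnf.

Added example: not code from the blog post or the RadiusPlugin project. The
parser follows the key=value and 'server { ... }' layout shown in the post;
MIN_SECRET_LEN and PLACEHOLDER_SECRETS are my own policy assumptions.
"""
import sys

MIN_SECRET_LEN = 16                                   # assumption: local policy, not a plugin limit
PLACEHOLDER_SECRETS = {"testpw", "testing123", "secret", "password"}  # constructed list
LOCAL_SERVERS = {"127.0.0.1", "::1", "localhost"}

# Constructed sample: the post's radiusplugin.cnf with the long comments trimmed.
SAMPLE_CNF = """\
NAS-Identifier=OpenVpn
Service-Type=5
Framed-Protocol=1
NAS-Port-Type=5
# The NAS IP address which is sent to the RADIUS server
NAS-IP-Address=127.0.0.1
OpenVPNConfig=/opt/etc/openvpn/config/openvpn.conf
subnet=255.255.255.0
overwriteccfiles=false
server {
    acctport=1813
    authport=1812
    name=127.0.0.1
    retry=1
    wait=1
    sharedsecret=testpw
}
"""


def parse_cnf(text):
    """Return (global_settings, [server_settings, ...]).

    Comments start with '#'. A server block is the keyword 'server' followed by
    '{ ... }'; the opening brace may sit on the same line or on the next one."""
    # Strip comments first so a '#' comment containing a brace cannot confuse the splitter.
    stripped = "\n".join(line.split("#", 1)[0] for line in text.splitlines())
    tokens = stripped.replace("{", "\n{\n").replace("}", "\n}\n").splitlines()

    globals_, servers = {}, []
    current, pending = None, False
    for raw in tokens:
        line = raw.strip()
        if not line:
            continue
        if line == "server":
            pending = True
        elif line == "{":
            if not pending or current is not None:
                raise ValueError("'{' without a preceding 'server' keyword")
            current, pending = {}, False
        elif line == "}":
            if current is None:
                raise ValueError("'}' without an open server block")
            servers.append(current)
            current = None
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            (current if current is not None else globals_)[key] = value
        else:
            raise ValueError(f"unparseable line: {raw!r}")
    if current is not None or pending:
        raise ValueError("unterminated server block")
    return globals_, servers


def audit(globals_, servers):
    """Return a list of human-readable findings; an empty list means nothing was flagged."""
    findings = []
    if not servers:
        findings.append("no server block: the plugin has no RADIUS server to send Access-Requests to")
    for i, srv in enumerate(servers):
        secret = srv.get("sharedsecret", "")
        if not secret:
            findings.append(f"server[{i}]: sharedsecret missing")
        else:
            if len(secret) < MIN_SECRET_LEN:
                findings.append(f"server[{i}]: sharedsecret shorter than {MIN_SECRET_LEN} characters")
            if secret.lower() in PLACEHOLDER_SECRETS:
                findings.append(f"server[{i}]: sharedsecret is a well-known placeholder value")
        name = srv.get("name", "")
        if name not in LOCAL_SERVERS:
            # RADIUS only obfuscates User-Password; User-Name and the rest travel in clear over UDP.
            findings.append(f"server[{i}]: RADIUS server {name!r} is off-host, so Access-Requests leave the machine unencrypted")
        for key in ("authport", "acctport"):
            value = srv.get(key, "")
            if not value.isdigit() or not 1 <= int(value) <= 65535:
                findings.append(f"server[{i}]: {key}={value!r} is not a valid UDP port")
    if globals_.get("overwriteccfiles", "false").lower() == "true":
        findings.append("overwriteccfiles=true: the plugin writes client-config-dir files, so that directory must be writable by the OpenVPN user only")
    return findings


if __name__ == "__main__":
    # Pass a path to audit a real file, otherwise the constructed sample is used.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CNF
    settings, server_blocks = parse_cnf(text)
    for finding in audit(settings, server_blocks) or ["no findings"]:
        print("-", finding)
```

Run as `python3 audit_cnf.py /opt/etc/openvpn/config/radiusplugin.cnf` (file name assumed). Against the configuration above it reports the placeholder sharedsecret and its length; with the server on 127.0.0.1 the off-host finding stays quiet, which is the case the post sets up.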
Configure OpenVPN Client
- Edit the configuration file
For Windows clients: c:\program files\OpenVPN\client.ovpn
For Linux/DiskStation clients: /opt/etc/openvpn/config/openvpn.conf
Add the following line to the configuration file:
auth-user-pass
Done! Now clients will be asked for a username and password. The credentials are then forwarded to FreeRadius for both authorization and authentication.
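To make concrete what "forwarded to FreeRadius" means on the wire, here is an added example (not code from the post, from RadiusPlugin or from FreeRADIUS) that builds the RFC 2865 Access-Request a NAS sends after the client supplies auth-user-pass credentials, and verifies the Response Authenticator on the reply. It shows why the sharedsecret in radiusplugin.cnf carries the whole exchange: the User-Password attribute is only XOR-obfuscated with MD5(secret || authenticator), the User-Name travels in clear, and the Access-Accept is authenticated with the same secret. The username, password, secret and addresses are constructed sample values; the attribute numbers are the RFC 2865 ones.

```python
"""RFC 2865 Access-Request / Access-Accept exchange between a NAS and a RADIUS server.

Added example: not code from the blog post, RadiusPlugin or FreeRADIUS. The
secret, username, password and NAS address used below are constructed samples.
"""
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS, SERVICE_TYPE = 1, 2, 4, 6


def attr(type_, value):
    """Encode one Type-Length-Value attribute (Length counts the 2 header bytes)."""
    if len(value) > 253:
        raise ValueError("attribute value too long")
    return struct.pack("!BB", type_, len(value) + 2) + value


def encode_password(password, secret, authenticator):
    """RFC 2865 section 5.2: pad to 16-byte blocks and XOR each block with
    MD5(secret + previous ciphertext block), the first block using the Request
    Authenticator. This is obfuscation, not encryption: its strength is the secret's."""
    if not 1 <= len(password) <= 128:
        raise ValueError("User-Password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out += prev
    return out


def decode_password(cipher, secret, authenticator):
    """Server-side inverse of encode_password; trailing NUL padding is removed."""
    out, prev = b"", authenticator
    for i in range(0, len(cipher), 16):
        block = cipher[i:i + 16]
        key = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(block, key))
        prev = block
    return out.rstrip(b"\x00")


def build_access_request(ident, secret, username, password, nas_ip, authenticator=None):
    """What the NAS (here the OpenVPN plugin) sends once a client has supplied
    auth-user-pass. Service-Type=5 mirrors the radiusplugin.cnf setting above."""
    authenticator = authenticator if authenticator is not None else os.urandom(16)
    attrs = (attr(USER_NAME, username)
             + attr(USER_PASSWORD, encode_password(password, secret, authenticator))
             + attr(NAS_IP_ADDRESS, bytes(int(o) for o in nas_ip.split(".")))
             + attr(SERVICE_TYPE, struct.pack("!I", 5)))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + authenticator + attrs


def parse_attrs(packet):
    """Return {type: value} for the attributes following the 20-byte header."""
    attrs, pos = {}, 20
    while pos < len(packet):
        if pos + 2 > len(packet):
            raise ValueError("truncated attribute header")
        type_, length = packet[pos], packet[pos + 1]
        if length < 2 or pos + length > len(packet):
            raise ValueError("malformed attribute")
        attrs[type_] = packet[pos + 2:pos + length]
        pos += length
    return attrs


def build_response(code, request, secret, attrs=b""):
    """Server side: Response Authenticator = MD5(Code|ID|Length|RequestAuth|Attributes|Secret)."""
    head = struct.pack("!BBH", code, request[1], 20 + len(attrs))
    return head + hashlib.md5(head + request[4:20] + attrs + secret).digest() + attrs


def verify_response(response, request, secret):
    """NAS side: accept the reply only if its ID matches the outstanding request and
    the Response Authenticator recomputes, so a forged or replayed Access-Accept
    from anyone without the shared secret is discarded."""
    if len(response) < 20 or response[1] != request[1]:
        return False
    head, resp_auth, attrs = response[:4], response[4:20], response[20:]
    if struct.unpack("!H", head[2:])[0] != len(response):
        return False
    expected = hashlib.md5(head + request[4:20] + attrs + secret).digest()
    return hmac.compare_digest(expected, resp_auth)


if __name__ == "__main__":
    secret = b"testpw"  # the placeholder from the post's config, used here as a constructed sample
    req = build_access_request(1, secret, b"alice", b"correct horse", "127.0.0.1")
    print("Access-Request bytes:", len(req), "User-Name in clear:", parse_attrs(req)[USER_NAME])
    reply = build_response(ACCESS_ACCEPT, req, secret)
    print("reply verifies with the right secret:", verify_response(reply, req, secret))
    print("reply verifies with a wrong secret:", verify_response(reply, req, b"other"))
```

The two functions at the end are the point of the exercise: with the right secret the Access-Accept verifies, with any other it does not, and the same secret is all that stands between the User-Password attribute and anyone who can read the UDP traffic. That is why keeping name=127.0.0.1, as the post does, and replacing testpw before going live both matter.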
The new VPN package also installs and configures radius.
Thanks for your update, Victor. This saves a lot of dirty work for owners of newer machines.