Simple guide to FreeRADIUS VPN failover setup

In this tutorial, I will show you how to set up simple FreeRADIUS failover for OpenVPN, PPTP, L2TP and Dante. It couldn't be easier!

Let's start with OpenVPN. This assumes you have installed OpenVPN and configured it to work with FreeRADIUS.

OpenVPN:

Under /etc/openvpn/ you will find the file radiusplugin.cnf. Open it and look for the section that contains:

server
{
# The UDP port for radius accounting.
acctport=1813
# The UDP port for radius authentication.
authport=1812
# The name or ip address of the radius server.
name=192.168.0.153
# How many times should the plugin send the request if there is no response?
retry=1
# How long should the plugin wait for a response?
wait=1
# The shared secret.
sharedsecret=testpw
}

This will be your main FreeRADIUS server. Copy this section and paste it directly below the original, then change the details to point to your failover FreeRADIUS server, and so on for any further servers. The plugin will try the RADIUS servers as listed. If you run OpenVPN on multiple ports with multiple radiusplugin.cnf configuration files, you need to do the same for all of the files. Remember to restart the openvpn service when done.

PPTP + L2TP:

PPTP and L2TP (xl2tpd) both use the same radiusclient software, located in /etc/radiusclient/, so this applies to both protocols. Once you have PPTP and L2TP installed and configured to authenticate against FreeRADIUS, you should have the directory /etc/radiusclient/. Open the file /etc/radiusclient/radiusclient.conf and find the following sections:

authserver 127.0.0.1

# RADIUS server to use for accounting requests. All that I
# said for authserver applies, too.
#
acctserver 127.0.0.1

After setting up your 2/3 FreeRADIUS servers, we need to modify these two lines as follows:

authserver 123.123.123.123, 123.123.123.124, 123.123.123.125

# RADIUS server to use for accounting requests. All that I
# said for authserver applies, too.
#
acctserver 123.123.123.123, 123.123.123.124, 123.123.123.125

The order of FreeRADIUS servers is as follows:

123.123.123.123 = Primary Radius
123.123.123.124 = Failover Radius
123.123.123.125 = Failover Radius

If 123.123.123.123 is down, 123.123.123.124 will take over. If 123.123.123.124 is also down, 123.123.123.125 will take over. When 123.123.123.123 returns, it will take over authentication again.

Now we need to open the file /etc/radiusclient/server and add our RADIUS servers and secrets. We need to list them in the following order:

123.123.123.123 mysecret
123.123.123.124 mysecret
123.123.123.125 mysecret

Now restart the PPTP and L2TP services.
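
A consistency check for the two files edited above, as an added example that is not part of the original tutorial: it flags any server named on the authserver/acctserver lines that has no shared-secret line, so a missing entry is noticed before the primary goes down. The function names and the sample file contents are constructed for illustration, and it assumes IPv4 addresses or hostnames with an optional :port suffix.

```python
import re

def parse_server_list(conf_text, key):
    """Return the hosts named on every `key` line (authserver/acctserver), in order."""
    hosts = []
    for line in conf_text.splitlines():
        parts = line.split("#", 1)[0].strip().split(None, 1)
        if len(parts) == 2 and parts[0] == key:
            # Entries are comma/whitespace separated; drop an optional :port suffix.
            hosts += [h.split(":")[0] for h in re.split(r"[,\s]+", parts[1]) if h]
    return hosts

def parse_secrets(servers_text):
    """Map host -> shared secret from the 'host secret' lines of the secrets file."""
    secrets = {}
    for line in servers_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            secrets[fields[0]] = fields[1]
    return secrets

def check_failover(conf_text, servers_text):
    """List problems that would leave a configured failover server unusable."""
    secrets = parse_secrets(servers_text)
    problems, seen = [], []
    for key in ("authserver", "acctserver"):
        hosts = parse_server_list(conf_text, key)
        if len(hosts) < 2:
            problems.append(f"{key} lists no failover server")
        seen += hosts
    for host in dict.fromkeys(seen):  # de-duplicate, keep configured order
        if host not in secrets:
            problems.append(f"no shared secret for {host}")
    return problems

# Constructed sample input: the third server was added to radiusclient.conf only.
SAMPLE_CONF = """\
authserver 123.123.123.123, 123.123.123.124, 123.123.123.125
# RADIUS server to use for accounting requests.
acctserver 123.123.123.123, 123.123.123.124, 123.123.123.125
"""
SAMPLE_SERVERS = """\
123.123.123.123 mysecret
123.123.123.124 mysecret
"""

if __name__ == "__main__":
    for problem in check_failover(SAMPLE_CONF, SAMPLE_SERVERS):
        print("WARNING:", problem)
```

To run it against a live host, read the two files from disk and pass their contents to check_failover().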

Dante:

Dante is simple: open /etc/raddb/server and list the servers below, in any order you wish:

123.123.123.123 mysecret 6
123.123.123.124 mysecret 6
123.123.123.125 mysecret 6

Kill the dante sockd process and restart it for it to take effect.
