Simple guide to FreeRADIUS VPN failover setup

In this tutorial, I will show you how to set up simple FreeRADIUS failover for OpenVPN, PPTP, L2TP and Dante. It couldn't be easier!

Let's start with OpenVPN. This assumes you have installed OpenVPN and configured it to authenticate against FreeRADIUS.

OpenVPN

Under /etc/openvpn/ you will find the file radiusplugin.cnf. Open it and look for the section that contains:

# The UDP port for radius accounting.
# The UDP port for radius authentication.
# The name or ip address of the radius server.
# How many times should the plugin send the if there is no response?
# How long should the plugin wait for a response?
# The shared secret.

This is your main FreeRADIUS server. Copy this section and paste it below the original, then change the details to point to your failover FreeRADIUS server, and so on for any further servers. OpenVPN will try the RADIUS servers in the order listed. If you run OpenVPN on multiple ports, you will have multiple radiusplugin.cnf configuration files, and you need to do the same in all of them. Remember to restart the openvpn service when done.
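A quick sanity check for the edited radiusplugin.cnf, added here as an example (not part of the original tutorial or of radiusplugin): it parses the server blocks in file order and flags a missing failover block, a pasted block whose name was never changed, and sample shared secrets left in place. The key names follow the stock radiusplugin.cnf, which this page does not show; the addresses and secrets in the sample are constructed.

```python
import re

# Constructed sample in the layout of radiusplugin.cnf; addresses and secrets are made up.
BLOCK = """server
{
    acctport=1813
    authport=1812
    name=%s
    retry=1
    wait=1
    sharedsecret=%s
}
"""
SAMPLE_CNF = BLOCK % ("192.0.2.10", "testpw") + BLOCK % ("192.0.2.10", "constructed-Xq7")

REQUIRED = ("acctport", "authport", "name", "retry", "wait", "sharedsecret")
# Assumed list of sample secrets often left in place, including this page's "mysecret".
WEAK_SECRETS = {"testpw", "testing123", "mysecret"}

def parse_servers(text):
    """Return the server{} blocks as dicts, in file order (the order they are tried)."""
    servers = []
    for body in re.findall(r"^\s*server\s*\{(.*?)\}", text, flags=re.S | re.M):
        entry = {}
        for line in body.splitlines():
            line = line.strip()
            if line.startswith("#") or "=" not in line:
                continue  # skip comment and blank lines
            key, _, value = line.partition("=")
            entry[key.strip()] = value.strip()
        servers.append(entry)
    return servers

def audit(text):
    """Return a list of findings; an empty list means the failover layout looks sane."""
    servers, findings = parse_servers(text), []
    if len(servers) < 2:
        findings.append("no failover: fewer than two server blocks")
    names = [s.get("name") for s in servers]
    for i, s in enumerate(servers, 1):
        findings += [f"server {i}: missing {k}" for k in REQUIRED if k not in s]
        if s.get("sharedsecret") in WEAK_SECRETS:
            findings.append(f"server {i}: sample shared secret still in use")
        name = s.get("name")
        if name and names.index(name) != i - 1:
            findings.append(f"server {i}: duplicate of server {names.index(name) + 1}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CNF)) or "ok")
```

Run it against each radiusplugin.cnf by passing the file's contents to `audit()` before restarting the openvpn service.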


PPTP and L2TP (xl2tpd) both use the same radiusclient software, located in /etc/radiusclient/, so this applies to both protocols. Once you have PPTP and L2TP installed and configured to authenticate against FreeRADIUS, you should have the directory /etc/radiusclient/. Open the file /etc/radiusclient/radiusclient.conf and find the following sections:


# RADIUS server to use for accouting requests. All that I
# said for authserver applies, too.

After setting up your 2/3 FreeRADIUS servers, we need to modify these two lines as follows:


# RADIUS server to use for accouting requests. All that I
# said for authserver applies, too.

The order of FreeRADIUS servers is as follows: = Primary Radius = Failover Radius = Failover Radius

If is under If is also, under When returns, will take over on This will take over authentication again.

Now we need to open the file /etc/radiusclient/server and add our RADIUS servers and secrets. We need to list them in the following order: mysecret mysecret mysecret

Now restart the PPTP and L2TP services.


Dante is simple: open /etc/raddb/server and list them below in any order you wish: mysecret 6 mysecret 6 mysecret 6

Kill the Dante sockd process and restart it for the change to take effect.