Over the last few days I have played around with getting FreeRADIUS working with SoftEther VPN. I was able to get everything working as expected when making use of the Windows default VPN connection; however, I have noticed that when trying to use OpenVPN to create the connection it is not sending the data over in an MS-CHAP format. I am looking for any suggestions on what I should be doing to attempt to force an MS-CHAP pass-through so access will work through Azure Active Directory.
Thanks.
Working Microsoft VPN SSTP client
Code:
(0) Received Access-Request Id 234 from {ip}:56333 to {ip}:1812 length 283
(0) User-Name = "user"
(0) Acct-Session-Id = "\000\344"
(0) NAS-IP-Address = ip
(0) Service-Type = Framed-User
(0) MS-RAS-Vendor = 311
(0) MS-RAS-Version = "MSRASV5.20"
(0) NAS-Port-Type = Virtual
(0) Tunnel-Type:0 = PPTP
(0) Tunnel-Medium-Type:0 = IPv4
(0) Called-Station-Id = "Azure"
(0) Calling-Station-Id = "ip"
(0) Tunnel-Client-Endpoint:0 = "ip"
(0) MS-RAS-Client-Version = "MSRASV5.20"
(0) MS-RAS-Client-Name = "ip"
(0) MS-CHAP-Challenge = 0xXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
(0) MS-CHAP2-Response = 0xXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
(0) NAS-Identifier = "SoftEther VPN Server"
(0) Proxy-State = 0xXXXXXXXXXXXXXX
Code:
(0) Received Access-Request Id 235 from {ip}:58423 to {ip}:1812 length 146
(0) User-Name = "user"
(0) User-Password = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
(0) NAS-Identifier = "SoftEther VPN Server"
(0) Service-Type = Framed-User
(0) NAS-Port-Type = Virtual
(0) Tunnel-Type:0 = PPTP
(0) Tunnel-Medium-Type:0 = IPv4
(0) Called-Station-Id = "Azure"
(0) Calling-Station-Id = "ip"
(0) Tunnel-Client-Endpoint:0 = "ip"
(0) Proxy-State = 0xXXXXXXXXXXXXXXXXXXXXXXXXXX
Code:
dev tun
proto tcp
remote {endpoint.domain.com} 1194
cipher AES-256-CBC
auth SHA1
resolv-retry infinite
nobind
persist-key
persist-tun
client
verb 3
auth-user-pass
route-nopull
dhcp-option DNS 2.2.2.2
dhcp-option DNS 1.1.1.1
dhcp-option DOMAIN domain.com
auth-nocache
remote-cert-tls server
<ca>
-----BEGIN CERTIFICATE-----
Cert here
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Cert here
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
cert here
-----END CERTIFICATE-----
</ca>
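The two Access-Request dumps above differ in the credential attributes they carry: the first has MS-CHAP-Challenge and MS-CHAP2-Response, the second has User-Password (PAP). The following is an added example, not part of the original post, that classifies each Access-Request in FreeRADIUS debug output by those attributes; the sample log is constructed to match the shape of the dumps above, and the function names are hypothetical.

```python
import re

# Constructed sample shaped like the two dumps in the post (placeholder values).
SAMPLE_LOG = """\
(0) Received Access-Request Id 234 from 192.0.2.10:56333 to 192.0.2.1:1812 length 283
(0)   User-Name = "user"
(0)   Tunnel-Type:0 = PPTP
(0)   MS-CHAP-Challenge = 0x00112233445566778899aabbccddeeff
(0)   MS-CHAP2-Response = 0x0001
(0) Received Access-Request Id 235 from 192.0.2.10:58423 to 192.0.2.1:1812 length 146
(0)   User-Name = "user"
(0)   User-Password = "placeholder"
"""

# Attribute sets that identify the authentication method, most specific first.
METHOD_ATTRS = [
    ("MS-CHAPv2", {"MS-CHAP-Challenge", "MS-CHAP2-Response"}),
    ("MS-CHAPv1", {"MS-CHAP-Challenge", "MS-CHAP-Response"}),
    ("CHAP", {"CHAP-Password"}),
    ("EAP", {"EAP-Message"}),
    ("PAP", {"User-Password"}),
]
HEADER = re.compile(r"^\(\d+\)\s+Received Access-Request Id (\d+)")
ATTR = re.compile(r"^\(\d+\)\s+([A-Za-z0-9-]+)(?::\d+)?\s*=\s*(.*)$")

def parse_requests(text):
    """Split debug output into {radius_id: {attribute: value}}."""
    requests, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        header = HEADER.match(line)
        if header:
            current = requests.setdefault(int(header.group(1)), {})
            continue
        attr = ATTR.match(line)
        if attr and current is not None:
            current[attr.group(1)] = attr.group(2).strip('"')  # tag such as ":0" dropped
    return requests

def auth_method(attrs):
    """Name the method whose identifying attributes are all present."""
    present = set(attrs)
    return next((n for n, needed in METHOD_ATTRS if needed <= present), "unknown")

def classify(text):
    return {rid: auth_method(a) for rid, a in parse_requests(text).items()}

if __name__ == "__main__":
    print(classify(SAMPLE_LOG))
```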