*** nowen (~nowen@adsl-176-210-205.asm.bellsouth.net) has joined #wikid | 13:15 | |
*** JP_ (cf683602@gateway/web/freenode/ip.207.104.54.2) has joined #wikid | 18:06 | |
JP_ | Hello... I am having a slight issue with the Network Clients. I have added my Cisco ASA as a network client using radius. I have setup two domains, one for remote mobile clients and another for internal PCs. My mobile client domain code is an external facing IP, my internal domain code is a private IP. I am using the same network client (Cisco ASA) IP address in both domains. The problem I am having is that when I go to authenticate to my | 18:13 |
JP_ | wikid is mapping it to my internal domain code. | 18:13 |
JP_ | and rejecting my mobile token | 18:13 |
nowen | yeah, each network client must be limited to one domain in radius. I guess you are using the same IP address for both network clients? | 18:14 |
nowen | is it possible to use a different network client? | 18:14 |
JP_ | yes. it seems that having the same network client in two domains may be the issue? | 18:14 |
nowen | yes - it's a problem only for radius | 18:15 |
JP_ | no, our users would only be connecting to the Cisco ASA for remote access | 18:15 |
JP_ | ah ok | 18:15 |
nowen | some people create a firewall rule to allow internal requests to hit the outside ip, but that might be an issue for you | 18:16 |
JP_ | i was thinking the same thing | 18:16 |
JP_ | in practice we wouldn't be doing much internal authentication anyways | 18:16 |
JP_ | I am just using it for testing purposes | 18:17 |
nowen | yeah, I think that's the other part - we see this in testing, but not production | 18:17 |
JP_ | ok, good to know, thanks again. | 18:17 |
nowen | np | 18:17 |
*** JP_ has quit (Quit: Page closed) | 18:17 | |
*** sean (43a40ced@gateway/web/freenode/ip.67.164.12.237) has joined #wikid | 21:11 | |
sean | Nick? | 21:11 |
nowen | yes | 21:11 |
*** sean is now known as Guest43670 | 21:11 | |
Guest43670 | Hi - I just emailed you back | 21:11 |
Guest43670 | Anyways | 21:12 |
nowen | ahh | 21:12 |
Guest43670 | How long does it take to get the CERT back? | 21:12 |
nowen | none - it comes in a popup now ;) | 21:12 |
nowen | but I can mail it to you also ;) | 21:12 |
Guest43670 | I just submitted it and it told me to wait for an email... | 21:13 |
Guest43670 | the submission was in a popup | 21:13 |
nowen | be sure to cut and paste as plain text | 21:13 |
Guest43670 | for the CSR | 21:13 |
nowen | yeah, it should come back in the same pop up | 21:13 |
Guest43670 | i closed that popup heh | 21:13 |
nowen | hehe. what version of openvpn? | 21:13 |
Guest43670 | 1.6.1 | 21:14 |
nowen | the opensource version? | 21:14 |
Guest43670 | i don't think so | 21:14 |
Guest43670 | i downloaded the centos package from their website | 21:14 |
nowen | well, Access Server has built-in support for Radius | 21:15 |
Guest43670 | yea I downloaded openvpn-as | 21:16 |
Guest43670 | that's the right one correct? | 21:16 |
nowen | they both work, AS is a bit easier | 21:16 |
Guest43670 | cool | 21:17 |
Guest43670 | so I guess I just need the signed cert | 21:17 |
Guest43670 | ah got it | 21:17 |
nowen | I don't have a doc on it, but just create a network client on the WiKID server that uses radius and on AS, tell it to use radius and point it to wikid | 21:17 |
nowen | use port 1812 UDP | 21:17 |
Guest43670 | im following the howto here: http://www.howtoforge.com/how-to-add-two-factor-authentication-to-openvpn-as-with-the-wikid-strong-authentication-server-p2 | 21:18 |
nowen | haha. I forgot about that one! | 21:18 |
Guest43670 | hopefully that works | 21:18 |
nowen | yeah it should | 21:18 |
Guest43670 | sweet. | 21:18 |
Guest43670 | OK thanks for the info. I'm gonna get back to it. I'll come back if I run into trouble :) | 21:19 |
nowen | ok | 21:19 |
nowen | I'm east coast time, btw | 21:19 |
Guest43670 | ok thx | 21:19 |
*** Guest43670 has quit (Ping timeout: 265 seconds) | 21:24 | |
*** sean (43a40ced@gateway/web/freenode/ip.67.164.12.237) has joined #wikid | 22:52 | |
*** sean is now known as Guest52298 | 22:52 | |
Guest52298 | are you still around, Nick? | 22:53 |
nowen | yep | 22:53 |
Guest52298 | Maybe you can help me out here... | 22:53 |
nowen | sure | 22:53 |
Guest52298 | I have everything setup with the token etc | 22:53 |
Guest52298 | it connects to the wikid server and i enter my pin and it gives me a temp pass | 22:53 |
nowen | ok | 22:53 |
Guest52298 | then i go to the openvpn server | 22:54 |
Guest52298 | download & install the software | 22:54 |
Guest52298 | and nothing happens | 22:54 |
Guest52298 | I login with my user and pass and it takes me to the "download the installer and then you will be connected automatically" page | 22:54 |
nowen | hmm. I don't remember much about installing openvpn | 22:55 |
Guest52298 | any ideas? | 22:55 |
Guest52298 | it's in your HOWTO | 22:55 |
nowen | hehe. let me look at it again | 22:55 |
Guest52298 | http://www.howtoforge.com/how-to-add-two-factor-authentication-to-openvpn-as-with-the-wikid-strong-authentication-server-p2 | 22:55 |
Guest52298 | at the bottom | 22:55 |
nowen | ahh | 22:56 |
Guest52298 | yea heh | 22:56 |
nowen | ok, so you want to install the Windows client and use the client.opvn file | 22:56 |
nowen | I mean the other one | 22:56 |
nowen | did you install the client? | 22:56 |
Guest52298 | where is this client file? | 22:56 |
Guest52298 | yea | 22:56 |
Guest52298 | openvpn client is installed | 22:57 |
nowen | and did you put the config where it is supposed to go? | 22:57 |
Guest52298 | i didn't see anything about config in your howto | 22:57 |
Guest52298 | did i miss it? | 22:58 |
nowen | well, I really focused on the integration side. I guess I assumed that openvpn was already setup | 22:58 |
Guest52298 | when you get the "download" link, it looks nothing like how you have it | 22:59 |
Guest52298 | there is no link to opvn file | 22:59 |
nowen | they may have updated it | 22:59 |
Guest52298 | so there is some extra setup in openvpn i need to do? | 22:59 |
nowen | the user is getting validated? | 23:00 |
Guest52298 | yes | 23:00 |
nowen | does it look like this: http://openvpn.net/index.php/access-server/docs/admin-guides/457-connect-to-openvpn-access-server-using-the-connect-client.html | 23:00 |
Guest52298 | but then it re-directs me do the download page again | 23:00 |
Guest52298 | yup | 23:01 |
Guest52298 | i get past that | 23:01 |
nowen | maybe you need to restart the client? | 23:01 |
Guest52298 | i did that multiple times | 23:01 |
nowen | what is it supposed to look like? | 23:01 |
nowen | I guess that last screen ship | 23:01 |
nowen | shot | 23:01 |
Guest52298 | i have no idea - but i know for a fact I don't get assigned an IP | 23:01 |
Guest52298 | see the 2nd screenshot? | 23:02 |
Guest52298 | in that link you sent me | 23:02 |
nowen | yes | 23:02 |
Guest52298 | that's where I get stuck | 23:02 |
Guest52298 | I never get "connected" | 23:02 |
nowen | can you install the client? | 23:02 |
Guest52298 | even though i already have the client installed | 23:02 |
Guest52298 | yea | 23:02 |
nowen | do you have the little icon on the task bar? | 23:03 |
Guest52298 | yup | 23:03 |
Guest52298 | orange/white icon | 23:03 |
Guest52298 | "disconnect" is greyed out | 23:03 |
nowen | is there an option to connect? | 23:04 |
Guest52298 | i even have my antivirus off, and I disabled iptables on the server | 23:04 |
Guest52298 | yes | 23:04 |
Guest52298 | when I "Go to x.x.x.x:1194" | 23:04 |
nowen | and you connect and get that screen again | 23:04 |
Guest52298 | it goes to the install screen | 23:04 |
Guest52298 | yup | 23:04 |
nowen | and you've rebooted? | 23:04 |
nowen | and you've installed it in a location where you have permissions? | 23:05 |
Guest52298 | yea | 23:05 |
Guest52298 | i'll try uninstalling and re-installing | 23:05 |
nowen | you might try #openvpn | 23:05 |
nowen | I really only test it enough to get the docs done | 23:05 |
Guest52298 | ok np | 23:06 |
Guest52298 | thank you | 23:06 |
nowen | yeah, let me know what you find out | 23:07 |
nowen | might be time to update the docs | 23:07 |
Guest52298 | will do | 23:07 |
Guest52298 | bleh. they re-directed me to their support web page. | 23:12 |
nowen | hmm | 23:12 |
Guest52298 | i'll try and figure this out and let you know if i fix it. | 23:12 |
nowen | ok | 23:12 |
nowen | sorry | 23:12 |
*** Guest52298 has quit (Quit: Page closed) | 23:12 | |
*** nowen has parted #wikid (None) | 23:12 |