DUO Radius Unifi L2TP VPN issue

Com7IT
Level 1

Hi,

I have a problem getting a Duo Mobile Push notification after authenticating VPN access from a Windows 10 L2TP VPN client.

The setup is:

  • RADIUS server is running on a UniFi Dream Machine Pro
  • Duo Authentication Proxy is running on Ubuntu 20.04 LTS on Windows 10 WSL2
  • The VPN user is created in the admin portal with Duo Mobile already set up
  • Latest version of DAP is installed on Ubuntu and configuration scripts show no errors and is up
  • Windows 10 21H1 L2TP VPN client that is able to connect with username/password
  • The firewalls are off and both Ubuntu and UDM Pro (latest firmware!) can ping each other

But the Duo Mobile never gets a push and there is never a 2FA happening.

I have followed all the guides and read all past threads online.

Running tcpdump on Ubuntu shows no RADIUS authentication requests being made at all.

The config:

[radius_client1]
host=192.168.0.1 (UDM pro)
secret=hidden
port=1816
pass_through_all=true

[radius_server_auto3]
ikey=hidden
skey=hidden
api_host=hidden
radius_ip_2=172.26.0.0/20 (LAN that Ubuntu is on in WSL2)
radius_secret_2=hidden
failmode=safe
client=radius_client1
port=1816

I have tried back and forth with different configs and this is the newest.

1 Reply

DuoKristina
Cisco Employee

If no incoming RADIUS requests are arriving at the Ubuntu system that is running the Duo Authentication Proxy then you should re-examine whatever is supposed to be sending RADIUS requests to it to make sure it’s actually configured to do so.

radius_ip_x should be whatever is configured to send the outbound RADIUS access request to the Duo proxy server on port 1816.

Duo, not DUO.
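
Added example, not part of the thread and not Duo's or Ubiquiti's code: a small Python check for the two points in the reply above, namely whether any RADIUS datagram reaches UDP port 1816 at all, and whether its source address falls inside the configured radius_ip_x value. The function names are hypothetical, the sample packet is constructed, and the addresses are the ones quoted in the question.

```python
import ipaddress
import socket
import struct

RADIUS_CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject"}

# Constructed sample: Access-Request, id 42, zeroed authenticator, User-Name "vpnuser".
SAMPLE = struct.pack("!BBH", 1, 42, 29) + bytes(16) + bytes([1, 9]) + b"vpnuser"

def parse_radius_header(datagram):
    """Decode code, identifier and length from the 20-byte RADIUS header (RFC 2865)."""
    if len(datagram) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, identifier, length = struct.unpack("!BBH", datagram[:4])
    if not 20 <= length <= min(len(datagram), 4096):
        raise ValueError("length field inconsistent with datagram size")
    return {"code": RADIUS_CODES.get(code, "unknown(%d)" % code),
            "id": identifier, "length": length}

def sender_allowed(source_ip, radius_ip_values):
    """True if source_ip falls inside any radius_ip_x value (address or CIDR)."""
    addr = ipaddress.ip_address(source_ip)
    return any(addr in ipaddress.ip_network(v, strict=False)
               for v in radius_ip_values)

def triage(datagram, source_ip, radius_ip_values):
    """One-line verdict for a datagram received on the proxy's RADIUS port."""
    try:
        hdr = parse_radius_header(datagram)
    except ValueError as exc:
        return "%s: not RADIUS (%s)" % (source_ip, exc)
    verdict = "matches" if sender_allowed(source_ip, radius_ip_values) else "is outside"
    return "%s sent %s id=%d and %s radius_ip_x" % (
        source_ip, hdr["code"], hdr["id"], verdict)

def listen(radius_ip_values, port=1816, timeout=60):
    """Wait for one datagram on the RADIUS port; stop the proxy first so the port is free."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind(("0.0.0.0", port))
        sock.settimeout(timeout)
        try:
            data, (src, _) = sock.recvfrom(4096)
        except socket.timeout:
            return "nothing arrived on UDP %d in %ds: check the sending device" % (port, timeout)
        return triage(data, src, radius_ip_values)

if __name__ == "__main__":
    print(triage(SAMPLE, "192.168.0.1", ["172.26.0.0/20"]))  # constructed input
    print(listen(["172.26.0.0/20"]))
```

Run it on the proxy host while a VPN login is attempted; a timeout points at the device that should be sending RADIUS, while an "is outside" verdict points at the radius_ip_x value.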