Before integrating Perfect Privacy VPN's Tunnel Mode with a RADIUS server, ensure these prerequisites are met:
A functional RADIUS server (e.g., FreeRADIUS, Microsoft NPS) is configured and accessible. Note its IP address and shared secret.
A Perfect Privacy VPN subscription with Tunnel Mode enabled on your account.
A router or server capable of running OpenVPN and configured for Perfect Privacy.
The OpenVPN client software is installed on your router/server.
Basic networking knowledge (IP addressing, routing, firewalls).
Download the Perfect Privacy OpenVPN configuration file for Tunnel Mode from the Perfect Privacy member area. Choose a server location.
Edit the OpenVPN configuration file. Add the following line to enable RADIUS authentication:
    auth-user-pass /path/to/radius.conf
Create a file named radius.conf with the following content (adjusting for your RADIUS server):
    username
    password
These are used for the initial RADIUS connection; you can leave them blank, as the OpenVPN client will prompt for credentials.
Configure the OpenVPN client to connect using the edited configuration file.
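As an added example (not part of the original guide and not Perfect Privacy's or OpenVPN's own tooling), the script below audits the edited client configuration: it finds the auth-user-pass directive, locates the credentials file, and fails if that file is accessible by group or others, since it can hold a password in clear text. The function name, the return codes and the rule for resolving a relative path are assumptions of this example.

```shell
#!/bin/sh
# Added example, not Perfect Privacy's or OpenVPN's own tooling.
# Return codes (this example's convention): 0 ok, 1 no auth-user-pass
# directive, 2 credentials file missing, 3 file accessible by group/others.
check_ovpn_auth() {
    conf=$1
    # First non-comment auth-user-pass line in the client config.
    line=$(grep -E '^[[:space:]]*auth-user-pass([[:space:]]|$)' "$conf" | head -n 1)
    if [ -z "$line" ]; then
        echo "FAIL: no auth-user-pass directive in $conf"; return 1
    fi
    # Second field is the optional file path (paths with spaces not handled).
    cred=$(printf '%s\n' "$line" | awk '{print $2}')
    if [ -z "$cred" ]; then
        echo "OK: no file given, OpenVPN will prompt for credentials"; return 0
    fi
    # Assumption: a relative path is resolved against the config's directory.
    case $cred in
        /*) ;;
        *) cred=$(dirname "$conf")/$cred ;;
    esac
    if [ ! -f "$cred" ]; then
        echo "FAIL: credentials file $cred not found"; return 2
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$cred" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "FAIL: $cred is accessible by group/others; run: chmod 600 $cred"
        return 3
    fi
    # Line 2 of the file is the password, if one is stored on disk.
    if [ -n "$(sed -n '2p' "$cred")" ]; then
        echo "OK: $cred holds a stored password and is owner-only"
    else
        echo "OK: $cred has no stored password, OpenVPN will prompt"
    fi
    return 0
}

# Constructed sample: a client config fragment and a two-line credentials file.
demo_dir=$(mktemp -d)
printf 'client\nproto udp\nauth-user-pass radius.conf\n' > "$demo_dir/client.ovpn"
printf 'testuser\nconstructed-password\n' > "$demo_dir/radius.conf"
chmod 644 "$demo_dir/radius.conf"
check_ovpn_auth "$demo_dir/client.ovpn" || echo "exit code: $?"
chmod 600 "$demo_dir/radius.conf"
check_ovpn_auth "$demo_dir/client.ovpn"
rm -rf "$demo_dir"
```

OpenVPN itself logs a warning when a credentials file is group or others accessible, so a failure here usually matches a warning line in the client log.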
Configure your RADIUS server to accept authentication requests from the IP address of your OpenVPN client (i.e., the public IP address assigned by Perfect Privacy).
Add users to your RADIUS server with appropriate usernames and passwords. These are the credentials users will use to authenticate through the Perfect Privacy Tunnel Mode.
Ensure your firewall allows UDP traffic on port 1194 (or the port specified in your Perfect Privacy OpenVPN configuration) to the Perfect Privacy VPN server.
Configure your DNS settings. You can either use Perfect Privacy's DNS servers or your own. If using your own, ensure they are accessible through the Perfect Privacy Tunnel Mode.
If you're using a firewall on the client side, ensure it allows traffic from the OpenVPN client.
Start the OpenVPN client.
When prompted, enter the RADIUS username and password for a test user.
Check the OpenVPN client logs for successful authentication messages.
Verify that the user's traffic is being routed through the Perfect Privacy Tunnel Mode. You can use a website like ipinfo.io to confirm your IP address.
Examine the RADIUS server logs for successful authentication attempts.
RADIUS server not reachable: Double-check the IP address and port configuration. Ensure firewall rules allow traffic.
Incorrect shared secret: Verify the shared secret configured on both the OpenVPN client and the RADIUS server.
Authentication failures: Check the RADIUS server logs for error messages. Ensure the username and password are correct.
DNS resolution issues: Verify that your DNS servers are accessible through the Perfect Privacy Tunnel Mode.
Firewall blocking traffic: Review your firewall rules to ensure traffic is allowed in both directions.
RADIUS server configured and accessible.
Perfect Privacy Tunnel Mode OpenVPN configuration file downloaded.
OpenVPN configuration file edited with auth-user-pass.
radius.conf file created.
OpenVPN client configured and started.
RADIUS server configured to accept connections from the OpenVPN client's IP.
Firewall rules configured for OpenVPN traffic.
DNS settings verified.
Successful authentication verified in both OpenVPN client and RADIUS server logs.
Traffic routed through the Perfect Privacy Tunnel Mode confirmed.