Making Windows Network Policy Server work with VyOS/EdgeOS L2TP over IPSec VPN using Radius Auth

For those with the daunting task of connecting a VyOS or Ubiquiti EdgeOS device to a Windows Network Policy Server (NPS) for authentication via Radius for L2TP over IPsec, I present the following instructions:

  1. Set up your L2TP/IPSec server using local accounts first.
    Before diving into Radius auth with Windows NPS, make sure you’ve set up your L2TP/IPSec server using local accounts. Try the following tutorials to get this set up:

    1. EdgeMAX – Set up L2TP over IPsec VPN server – Ubiquiti …
    2. Set Up Vyatta / Vyos as an L2TP/IPsec VPN Server …
    3. L2TP/IPSec on a Ubiquiti EdgeMax | One Bad Pixel
  2. Install the Network Policy Server (NPS) Role
    Head on over to the Server Manager on the Windows 2008/2012 R2 Server that you would like to host the NPS role. This assumes that you have a full Active Directory domain set up.
  3. Add a new Radius Client
    Once you have the NPS role installed, head on over to Radius Clients to add a new Radius Client. Replace x.x.x.x with the internal IP address of your VyOS/EdgeOS device.
  4. Add a new Connection Request Policy
    Use the following details when creating a new Connection Request Policy. If you don’t see the setting in a screenshot, keep the default settings.
  5. Add new Network Policy
    The following details will help your EdgeOS/VyOS device authenticate correctly. If you don’t see the setting in a screenshot, keep the default settings.
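  6. Enable Radius on VyOS/EdgeOS
    In the commands below, x.x.x.x is the IP address of the NPS server, and the key must match the shared secret entered for the Radius Client in step 3.

    configure
    set vpn l2tp remote-access authentication mode 'radius'
    set vpn l2tp remote-access authentication radius-server x.x.x.x key '{shared secret here}'
    commit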
  7. Enjoy your L2TP/IPSec VPN!
    Feel free to leave a comment if you feel like something isn’t right or not working.
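
Steps 2, 3 and 6 can also be scripted. The following is an added example, not part of the original post: it installs the NPS role, generates a random shared secret, registers the router as a RADIUS client and prints the matching router commands. It assumes Windows Server 2012 or later (for the NPS PowerShell module); the client name and both IP addresses are placeholders.

```powershell
# Added example, not from the original post. Run in an elevated PowerShell
# session on the NPS host (Windows Server 2012 or later is assumed).

# Assumed values: replace with your own.
$ClientName = 'vyos-l2tp'     # hypothetical friendly name for the RADIUS client
$RouterIp   = '192.0.2.1'     # internal IP of the VyOS/EdgeOS device (placeholder)
$NpsIp      = '192.0.2.10'    # IP of this NPS server as reached from the router (placeholder)

# Step 2: install the Network Policy and Access Services role.
Install-WindowsFeature -Name NPAS -IncludeManagementTools | Out-Null

# Generate a 48-character hex shared secret from the system CSPRNG.
# Hex avoids characters that would need escaping inside the router's quotes.
$bytes = New-Object byte[] 24
$rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
try { $rng.GetBytes($bytes) } finally { $rng.Dispose() }
$Secret = -join ($bytes | ForEach-Object { $_.ToString('x2') })

# Step 3: register the router as a RADIUS client unless one with this
# name or address is already defined (avoid silently replacing a secret).
$existing = Get-NpsRadiusClient |
    Where-Object { $_.Name -eq $ClientName -or $_.Address -eq $RouterIp }

if ($existing) {
    Write-Warning "A RADIUS client for '$ClientName' / $RouterIp already exists; nothing changed."
} else {
    New-NpsRadiusClient -Name $ClientName -Address $RouterIp -SharedSecret $Secret | Out-Null

    # Step 6: print the commands to paste into the VyOS/EdgeOS CLI.
    # The secret is shown once here; it is not written to disk by this script.
    @(
        'configure'
        "set vpn l2tp remote-access authentication mode 'radius'"
        "set vpn l2tp remote-access authentication radius-server $NpsIp key '$Secret'"
        'commit'
    ) | ForEach-Object { Write-Output $_ }
}
```

The Connection Request Policy and Network Policy from steps 4 and 5 still have to be created in the NPS console. Clear the console scrollback after copying the printed commands, since they contain the shared secret.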

Will Canadian Cellular Consumers Ever See the Light?

We have a serious problem with the mobile industry in Canada. There has been a lot of controversy surrounding cellphone contracts and high monthly costs to the consumer, while carriers are recording substantial profits. Consumers are feeling like they are being taken advantage of, and maybe they are. Below is my take on the problem, how to fix it and how, as a consumer, to take advantage of it.

The Consumer’s Perception Of Phone Costs Is Unrealistic

A $599 iPhone, for example, is being subsidized by a 3 year contract to bring the initial cost for the consumer down to $199. In doing so, this gives the consumer the false impression that the phone’s value is only $199, when in reality its true cost is $599. This higher price tag is what it would cost the consumer to buy the phone straight from the manufacturer (this is also roughly what the carrier pays to the manufacturer). When you cut the contract length by a year, you need to increase the monthly subsidy to pay for the phone.

Carriers Are Also To Blame

Carriers have allowed for the undervaluation of smartphones by using their marketing and business model to hide the subsidy amortization in the monthly price of the phone. Carriers are not always explicit that part of the monthly plan is the amortization of the subsidy over the term of the phone’s contract. In other words, they hide the subsidy in the monthly plans and offer phones at a reduced rate. People have become used to this and have forgotten about the time when cell phones actually cost more than $250.

The CRTC Is Also Part Of The Problem

The CRTC does not properly understand the problem and how to address it.  As a result, they are addressing the issues that are spawning out of the problem, but not attacking the core of the problem itself.  Put differently, they are treating the symptoms of the disease instead of the disease itself.  The CRTC has set out guidelines for contract terms to be no more than 2 years, which inadvertently increases the monthly cost because of the aforementioned subsidy.  Instead of addressing peripheral concerns like contract lengths, they should force carriers to separate the subsidy of the phone from the monthly cost of the service.  In doing so this would make consumers aware that phones are being subsidized by the carriers.

A Cellular Bind

The Canadian cell phone industry is essentially in a catch-22 and most likely will not escape from it for at least 5 years. Many consumers are not aware of the subsidy component of their phones, while carriers are allowing this to happen. The misdirection of government oversight and regulation via the CRTC is addressing the issues that have sprung out of this situation, but not the root problem: the lack of visibility of subsidies that are included in most cell phone contracts. Until this lack of transparency is addressed and regulated on the part of the CRTC, we will continue to see a rise in consumer dissatisfaction when it comes to the prices of their mobile phone service. However, by decreasing the contract term length to 2 years, the CRTC will realize, through market feedback, that they inadvertently increased monthly costs or up-front costs. This realization should give them a better understanding of the root cause of the problem, which of course is the lack of transparency regarding the subsidy that consumers pay for their cell phones.

A Way To Take Advantage Of The Situation

You may be wondering how as a consumer to take advantage of this situation.  It’s quite simple.  As your contract nears the end of its term, carriers may provide a phone upgrade before your contract is over in exchange for signing on for another 2-3 years.  This is the point where the carriers have determined you have paid out the subsidy for your last phone, allowing you to upgrade.  If you think you’ll stay on with the carrier, as soon as you can upgrade, then you should upgrade.  This will, in theory, allocate the subsidy component of your monthly fees to a new phone as opposed to record profits for the various cell phone carriers.

Good luck.

ODROID-U2 Power Supply in North America

After finding out the hard way that the ODROID-U2 cannot be powered by USB, I quickly came to a not-so-welcome realization that I would have to source the power supply from Hardkernel, shipping from Korea with a $25 shipping price tag for a $9 item. Thirty minutes of googling yielded the nomenclature: the plug is a CW-Y5 plug or simply “2.5×0.8”. Further searching resulted in a North American supplier on eBay for less than $5/supply for the ODROID power supply. Hope this saves someone an hour of searching and a couple of dollars.
