I configured IPSec VPN server for remote clients on Cisco 2811 with XAuth (see attached cisco vpn configuration). At first I configured clients extended authentication (Xauth) using local IOS users database and it worked ok, but then I tried to configure clients authentication via FreeRADIUS and got authentication errors (see a part of attached freeradius log): in fact, instead of client's username/password sent via Xauth, Cisco sends a VPN-Group/pre-shared key combination to FreeRADIUS. Obviously FreeRADIUS can't find such username/password in it's database and replies with an error. Is it possible somehow to reconfigure Cisco in such a way that it would sent username/password insead of VPN-Group/Pre-shared key, or to reconfigure FreeRADIUS so that it would interpret VPN-Group/Pre-shared key parameters?
xauth to radius server should not really be sending the group name and password towards the radius. xauth should send the username and password when user authenticates.
1) You can try to authenticate to the radius server from the router itself, using the "test aaa" command --> check if the authentication works.
2) When you are connecting with the vpn client, did you get prompted for username and password, and what did you enter?