My question again (was: Netmask HOWTO)

Phil Mayers p.mayers at imperial.ac.uk
Fri Jul 2 18:10:50 CEST 2010


On 02/07/10 15:18, loki wrote:
> At 15:23 2.7.2010, you wrote:
>> On 02/07/10 12:26, loki wrote:
>>> Hello all.
>>>
>>> I need some kind of solution very urgent. My question was - is it
>>> possible to set Framed-IP-Netmask, together with IPs through
>>> sqlippool, somehow by default, via groupreply or something, or to
>>> change sqlippool somewhow to achive this. Or is this only possible
>>> through ippool (txt - version in /etc).
>>> I tried through groupreply but it didn't work.
>>
>> "It didn't work" is a useless statement.
>>
>> Show the debug output run with "-X", as advised daily on this list.
>>
>> I can think of a few ways of doing this, but without more info I can't help.
>
> Thx for your reply.
>
> Unfortunatly it's a production system already in heavy use so I can't
> use -X. But I'm only searching for ways of howto, ways not to be
> found on the net. This I can try without interrupting radius until one
> is working. I tried it with radgroureply (Framed-IP-Netmask) and it
> didn't work. I tried it per user (radreply) and this worked. But the
> thing is that I want to implement it
> in sqlippool. Which per se is already working for stuff that I don't

Allright, then that's easy: No.

rlm_sqlippool only updates Framed-IP-Address. You would either need to 
patch the module to lookup & add the framed IP, or use another module.

> have to forward netmasks. But now I have to accomplish this with
> OpenVPN and there I have to forward different Netmasks
> based on groups or pools. It could be that the plugin of OpenVPN
> isn't compatible with this but I guess than the user-version wouldn't
> work as well. All in all I'm not searching for debugging, I'm searching
> for ways of how to do it from someone who maybe had the same problem of setup.

Framed-Netmask is just a radius attribute. You can fill it's contents in 
any way you like. For example, you might try something like this:

postauth {
   sqlippool
   update reply {
     Framed-Netmask = "%{sql:SELECT mynetmask FROM mynetmasktable WHERE 
ip='%{Framed-IP-Address}'}"
   }
}

...if you're running something like Postgres you can be even more 
sophisticated:

     Framed-Netmask = "%{sql:SELECT netmask(net) from mynets where mynet 
 >> '%{Framed-IP-Address}'}"

...it depends on your SQL schema.



More information about the Freeradius-Users mailing list