freeradius+openvpn disconnect user from radius

Thu Jan 5 14:45:45 CET 2012

Thanks for clarification. So nobody able to change the code and create
any patch so far? and can we be able to di it via vendor specific
attributes trick?

On 1/5/2012 6:30 PM, Alexandre Chapellon wrote:
> From the ./UserAuth.cpp file in the radiusplugin code:
>
> /**The method send an authentication packet to the radius server and
>  * calls the method parseResponsePacket(). The following attributes
> are in the packet:
>  * - User_Name,
>  * - User_Password
>  * - NAS_PortCalling_Station_Id,
>  * - NAS_Identifier,
>  * - NAS_IP_Address,
>  * - NAS_Port_Type
>  * - Service_Type.
>  * @param context The context of the background process.
>  * @return An integer, 0 if the authentication succeded, else 1.*/
>
> Nothing about processing timeout...
>
> Le 05/01/2012 14:00, Azfar Hashmi a écrit :
>> pptp and l2tp working fine, if I see radiusplgin source code then these
>> things are defined there ie.g session-timeout and idle-timeout but since
>> I am not good in programing i have no idea why they are there, anyone
>> confirm why they are in code if not supported? I am on v2.1a b1
>>
>> 1/5/2012 11:17 AM, Azfar Hashmi wrote:I am gonna try it now. On 1/4/2012
>> 5:49 PM, Alexandre Chapellon a
>>
>> wrote:
>>>> pptp does it very well (at least poptop does). Never tried with L2TP
>>>> itself but I know ppp sessions inside L2TP tunnels works as
>>>> expected... but that inly pppd works ok with session-timeout.
>>>>
>>>> Regards.
>>>>
>>>> Le 04/01/2012 12:19, Azfar Hashmi a écrit :
>>>>> One more related question. I have to test this with pptp and lt2p
>>>>> also,
>>>>> do they support it?
>>>>>
>>>>> On 1/4/2012 4:14 PM, Azfar Hashmi wrote:
>>>>>> Hi Alexandre,
>>>>>>
>>>>>> Thanks for sharing your experience.
>>>>>>
>>>>>> On 1/4/2012 4:02 PM, Alexandre Chapellon wrote:
>>>>>>> I tried to setup exactly the same things a while ago using the
>>>>>>> radiusplugin for openvpn.
>>>>>>> It just don't work! Looking at the code of the radiusplugin I could
>>>>>>> not find anything that handle Sessiontimeout attribute (I didn't
>>>>>>> tried
>>>>>>> with Acc-Session-Timeout but didn't see anything either).
>>>>>>> Even if You try to ack the plugin (which look quite simple), I'm
>>>>>>> not
>>>>>>> sure openvpn have anymecanism that would allow it to termitate a
>>>>>>> connection after a specified duration (except monitoring connecting
>>>>>>> duration with the telent interface.... a real pain).
>>>>>>> I asked on the mailing list of radiusplugin which is even lower
>>>>>>> traffic and gave up. Maybe asking about openvpn being able to
>>>>>>> disconnect based on time  could be a question for start a thread in
>>>>>>> openvpn general ML.
>>>>>>>
>>>>>>> regards.
>>>>>>>
>>>>>>> P.S: I'd be glad to hear about if you succeed in doing that! ;)
>>>>>>>
>>>>>>> Le 04/01/2012 10:41, Azfar Hashmi a écrit :
>>>>>>>> I did but the list has very low activity. Only few posts in
>>>>>>>> numerous
>>>>>>>> days there.
>>>>>>>>
>>>>>>>> On 1/4/2012 1:32 PM, Fajar A. Nugraha wrote:
>>>>>>>>> On Wed, Jan 4, 2012 at 3:18 PM, Azfar
>>>>>>>>> Hashmi<azfar.hashmi at cloudways.com>    wrote:
>>>>>>>>>> Anyone confirm me that openvpn support
>>>>>>>>>> session-timout/acct-session-timeout, i want radius to tell my
>>>>>>>>>> NAS to
>>>>>>>>>> disconnect users if they reached their expiration. Currently its
>>>>>>>>>> not
>>>>>>>>>> working.
>>>>>>>>> Did you ask in openvpn list? It should be a more suitable
>>>>>>>>> place for
>>>>>>>>> this question, and AFAIK the answer is no.
>>>>>>>>>
>>>>>>>> -
>>>>>>>> List info/subscribe/unsubscribe? See
>>>>>>>> http://www.freeradius.org/list/users.html
>>>>>> -
>>>>>> List info/subscribe/unsubscribe? See
>>>>>> http://www.freeradius.org/list/users.html
>>>>> -
>>>>> List info/subscribe/unsubscribe? See
>>>>> http://www.freeradius.org/list/users.html
>>> -
>>> List info/subscribe/unsubscribe? See
>>> http://www.freeradius.org/list/users.html
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>