strongSwan + FreeRadius DHCP pool

[Arran Cudbard-Bell]

> On 17 Apr 2016, at 18:10, Laurens Vets <laurens at daemon.be> wrote:
> 
> On 2016-04-15 12:19, Alan DeKok wrote:
>> On Apr 15, 2016, at 3:03 PM, Laurens Vets <laurens at daemon.be> wrote:
>>> So I've added several ip addresses to the radippool table. For testing purposes, I'm using 2 pools, 1_pool and 2_pool. Can I assign a pool based on clients listed in clients.conf? ("ippool = 1_pool" does not seem to work)
>>  You can't just invent syntax and stick it into the configuration files.
>>  The documentation says that you need to set Pool-Name for the pool
>> module to allocate an IP.  Setting "ippool = 1_pool" in the
>> clients.conf file doesn't do that.
>>  You need to write "unlang" statements which set the Pool-Name.  See
>> the default configuration files for examples of using unlang.
> 
> So there's no way to set Pool-Name in the clients.conf file?

client foo {
	pool_name = 'whatever'
}

update control {
	&Pool-Name := "%{client:pool_name}"
}

> From what I can see in the unlang manual, I have to do:
> update control {
>    &Pool-Name := "1_pool"
> }

In v3.1.x every client definition bar those bulkloaded from SQL can have custom attributes, which you can access using the %{client:var} xlat.

Should work in v3.0.x too.

> Do I need to do that in mods-enabled/dhcp_sqlippool? If so, will that mean I will have to write unlang if statements to match a pool to some other attribute (for instance NAS-Port-Id, Called-Station-Id or NAS-Identifier)

No, you do it in the sections authorize/authenticate etc.. of the virtual server.

-Arran

Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 872 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20160417/3e9e14bd/attachment-0001.sig>