Vincent Rusilowicz wrote:
I have a Multi Tennant VPN gateway that I terminate multiple customers on. If I authenticate sessions to local database on router there is no segregation, so one customer can authenticate to another customers VPN (inserting the connection into that specific VRF) with any local username password on the router. I can source radius auth requests from IP’s specific to individual customer VRF’s and need to use a segregated username password database to service these requests. I would like the solution to be able to scale to at least 100 clients that use individual username/password files. Is the solution you recommended above the best way to handle this.
No. This is what databases are for. Create a database with 3 columns. One is client IP. The second is the user name. The third is the password. When the server receives a request, you can select the password by client IP and user-name. That leaves RADIUS doing RADIUS work, and databases storing data. Using the RADIUS server to store lots of client accounts works, but is best to avoid for complicated situations.
Are you saying make multiple instances inside the existing files module, like how “second_files” was created, or copy the files module multiple times to creating client specifi file names and modify its content to files files_192.168.1.2 { .
Yes.
If I use the above I would only need to add the :
case 192.168.1.2 { files_192.168.1.2
section for each additional client correct and files module created right?
Yes.
For this method I should remove the virtual server I created and add the lines you suggest to the default file in sites-available in the authorize section?
Yes. Alan DeKok.