IP Pool management and Re-authentication

Thibault Le Meur Thibault.LeMeur at supelec.fr
Tue Mar 20 18:11:12 CET 2007


Hi,

I'm using a system (openvpn) with 'radiusplugin' to let FR authenticate
users and manage IP Pools.

Openvpn sometimes needs to renegotiate the connections and thus sends
authentication requests while the connection is still active (with an
already assigned IP address): this causes FR to assign a new IP address from
the pool (which seems normal since FR has no way to know this is a
renegotiation).

I'd like to patch the openvpn-radiusplugin so that an extra attribute is
sent in the Access-Accept packets so that FR will be able to differentiate
Initial and Renegociation Access-Accept requests and only assign new IP
address from the pool on Initial Access-Accept requests.

Do you know a standard Radius attribute that could be used for this ?
As far as you know, are there other NASes using such a quirk ? Does this
make sense ?

Thanks in advance,
Thibault






More information about the Freeradius-Users mailing list