IP Pool management and Re-authentication
Thibault Le Meur
Thibault.LeMeur at supelec.fr
Tue Mar 20 18:42:03 CET 2007
Thanks for your reply,
> Thibault Le Meur wrote:
> > Openvpn sometimes needs to renegotiate the connections and
> thus sends
> > authentication requests while the connection is still
> active (with an
> > already assigned IP address): this causes FR to assign a new IP
> > address from the pool (which seems normal since FR has no
> way to know
> > this is a renegotiation).
>
> So why isn't the radiusplugin telling FreeRADIUS what the
> old IP address was?
Because It's still beta ;-), I can fix this
> > I'd like to patch the openvpn-radiusplugin so that an extra
> attribute
> > is sent in the Access-Accept packets so that FR will be able to
> > differentiate Initial and Renegociation Access-Accept requests and
> > only assign new IP address from the pool on Initial Access-Accept
> > requests.
>
> I think you mean Access-Request packet.
Sorry for the mistake, I meant Access-Request of course
> If it doesn't have
> a Framed-IP-Address attribute, FreeRADIUS can allocate & send
> one in an Access-Accept.
> If openvpn re-authenticates a
> session with an existing IP address, it should send
> Framed-IP-Address in the Access-Request.
I get you right, my patch may be as easy as to make radiusplugin add the
Framed-IP-Address attribute in the Access-Request packet with the already
assigned IP Address when it is a renegotiation.
Thanks a lot Alan.
Regards,
Thibault
More information about the Freeradius-Users
mailing list