IP Pool management and Re-authentication
Thibault Le Meur
Thibault.LeMeur at supelec.fr
Wed Mar 21 18:38:15 CET 2007
<quote>
I've been using OpenVPN + Ralf's Radiusplugin for several months and
recently moved away from server-side IP assignment. However, while I did use
it, I found that in my configuration FreeRADIUS only assigned new IPs when
the accounting for that user had stopped (ie, if it recieved a STOP packet).
</quote>
Curious this is not what I see here ??
What is/was your FR server version ?
Anyway, Alan said that a 'good nas' should send the Framed-IP-Address in the
Access-Request if it has been already assigned one: this wasn't done by
radiusplugin, thus I think I'll keep the pacth.
<quote>
This meant, that once I'd crashed the openvpn server 3 times with users on
it :-) there were many IP's who were 'lost' - their sessions had never
ended, hence the IP was never returned to the pool.
</quote>
Sure, this is also true for my others NAS (pppd based), but they are quite
robust (I hope openvpn is/will be as robust ;-)).
<quote>
I was doing renegotiation every 20 minutes if I remember correctly, and the
freeradius replied with the same IP for the user time and time again.
</quote>
Interesting, what could explain that mine allocate new IP addresses each
time ?
Should rlm_ippool allocate the same IP for a NAS-IP/NAS-port couple if the
entry isn't cleaned from the pool ?
(Anyway, I think it's better to have FR not re-send Framed-IP-Address since
it would cause an unsuseful write to the client-config file from the
radiusplugin.)
<quote>
Hence, I'm beginning to wonder if it's configuration-specific, because I
didn't have any problems.
</quote>
I can trust you, but I don't know where to search for a setup mistake.
Does someone has an idea ?
Thanks in advance,
Thibault
More information about the Freeradius-Users
mailing list