Solution: IP Pool management and Re-authentication
Thibault Le Meur
Thibault.LeMeur at supelec.fr
Thu Mar 22 12:22:18 CET 2007
> Thibault Le Meur wrote:
> > I've patched the radiusplugin to add Framed-IP-Address to
> the re-auth
> > request but rlm_ippool still allocates a new IP Address
> (I'm using FR
> > 1.1.4).
>
> Ok. It seems like rlm_ippool should be updated to look for
> Framed-IP-Address in the request.
>
> That would be very useful, and would solve the problem
> you're seeing.
>
> Alan DeKok.
For those interested in an interim solution, here is a workaround:
1- make sure your NAS sends a Framed-IP-Address attribute in the
Access-Request when a re-authentication is performed (that is to say for
openvpn, use a patched version of radiusplugin)
2- Setup 2 Post-Auth-Types in the post-auth section:
Post-Auth-Type postauth.ovpn {
Ovpn_Main_Pool
reply_log
}
Post-Auth-Type postauth.ovpn.reauth {
reply_log
}
3- in the users file (for instance) dispatch incomming Access-Requests based
on the presence of the Framed-IP-Address attribute:
DEFAULT Framed-IP-Address !* Any, Huntgroup-Name == srvs-vpn-ovpn,
Post-Auth-type := postauth.ovpn
Fall-Through = no
DEFAULT Framed-IP-Address =* Any, Huntgroup-Name == srvs-vpn-ovpn,
Post-Auth-type := postauth.ovpn.reauth
Fall-Through = no
Thanks Alan for your help,
Regards,
Thibault
More information about the Freeradius-Users
mailing list