I am trying to use a Proxy-To-Realm condition to differentiate between portal
VPN logins and SSH'ing into the VPN itself. This is the request I can see
for a VPN Portal Auth:
User-Name = "bob"
User-Password = "bob"
NAS-Port = 65536
Called-Station-Id = "1.1.1.1"
Calling-Station-Id = "2.2.2.2"
NAS-Port-Type = Virtual
Tunnel-Client-Endpoint:0 = "2.2.2.2"
NAS-IP-Address = 1.1.1.1
Cisco-AVPair = "ip:source-ip=2.2.2.2"
Since the attribute Tunnel-Client-Endpoint:0 appears to be unique to VPN
Portal requests, I used that for my condition.
This is my condition in the default site:
if ("%{request:Tunnel-Client-Endpoint:0}" ==
"%{request:Calling-Station-ID}" ) {
update control {
Proxy-To-Realm := IST_VPN_SERVER
}
}
#CLI
elsif (NAS-Port-Type == Virtual) {
update control {
Proxy-To-Realm := NOC_MGMT_SERVER
}
}
And this is what I see when the condition is processed:
if ("%{request:Tunnel-Client-Endpoint:0}" == "%{request:Calling-Station-ID}"
)
expand: %{request:Tunnel-Client-Endpoint:0} ->
expand: %{request:Calling-Station-ID} -> 2.2.2.2
? Evaluating ("%{request:Tunnel-Client-Endpoint:0}" ==
"%{request:Calling-Station-ID}" ) -> FALSE
Tunnel-Client-Endpoint:0 appears to be null when I know that it is not. It
should read 2.2.2.2.
Any idea why?
Thanks,
Dave
--
View this message in context: http://freeradius.1045715.n5.nabble.com/Variable-reports-null-but-can-be-seen-in-request-tp4469920p4469920.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.