freeradius+openvpn disconnect user from radius
Alexandre Chapellon
a.chapellon at horoa.net
Wed Jan 4 13:49:39 CET 2012
pptp does it very well (at least poptop does). Never tried with L2TP
itself but I know ppp sessions inside L2TP tunnels works as expected...
but that inly pppd works ok with session-timeout.
Regards.
Le 04/01/2012 12:19, Azfar Hashmi a écrit :
> One more related question. I have to test this with pptp and lt2p also,
> do they support it?
>
> On 1/4/2012 4:14 PM, Azfar Hashmi wrote:
>> Hi Alexandre,
>>
>> Thanks for sharing your experience.
>>
>> On 1/4/2012 4:02 PM, Alexandre Chapellon wrote:
>>> I tried to setup exactly the same things a while ago using the
>>> radiusplugin for openvpn.
>>> It just don't work! Looking at the code of the radiusplugin I could
>>> not find anything that handle Sessiontimeout attribute (I didn't tried
>>> with Acc-Session-Timeout but didn't see anything either).
>>> Even if You try to ack the plugin (which look quite simple), I'm not
>>> sure openvpn have anymecanism that would allow it to termitate a
>>> connection after a specified duration (except monitoring connecting
>>> duration with the telent interface.... a real pain).
>>> I asked on the mailing list of radiusplugin which is even lower
>>> traffic and gave up. Maybe asking about openvpn being able to
>>> disconnect based on time could be a question for start a thread in
>>> openvpn general ML.
>>>
>>> regards.
>>>
>>> P.S: I'd be glad to hear about if you succeed in doing that! ;)
>>>
>>> Le 04/01/2012 10:41, Azfar Hashmi a écrit :
>>>> I did but the list has very low activity. Only few posts in numerous
>>>> days there.
>>>>
>>>> On 1/4/2012 1:32 PM, Fajar A. Nugraha wrote:
>>>>> On Wed, Jan 4, 2012 at 3:18 PM, Azfar
>>>>> Hashmi<azfar.hashmi at cloudways.com> wrote:
>>>>>> Anyone confirm me that openvpn support
>>>>>> session-timout/acct-session-timeout, i want radius to tell my NAS to
>>>>>> disconnect users if they reached their expiration. Currently its not
>>>>>> working.
>>>>> Did you ask in openvpn list? It should be a more suitable place for
>>>>> this question, and AFAIK the answer is no.
>>>>>
>>>> -
>>>> List info/subscribe/unsubscribe? See
>>>> http://www.freeradius.org/list/users.html
>> -
>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
<http://www.horoa.net>
Alexandre Chapellon
Ingénierie des systèmes open sources et réseaux.
Follow me on twitter: @alxgomz <http://www.twitter.com/alxgomz>
More information about the Freeradius-Users
mailing list