freeradius+openvpn disconnect user from radius
Alexandre Chapellon
a.chapellon at horoa.net
Thu Jan 5 14:30:17 CET 2012
From the ./UserAuth.cpp file in the radiusplugin code:
/**The method send an authentication packet to the radius server and
* calls the method parseResponsePacket(). The following attributes are
in the packet:
* - User_Name,
* - User_Password
* - NAS_PortCalling_Station_Id,
* - NAS_Identifier,
* - NAS_IP_Address,
* - NAS_Port_Type
* - Service_Type.
* @param context The context of the background process.
* @return An integer, 0 if the authentication succeded, else 1.*/
Nothing about processing timeout...
Le 05/01/2012 14:00, Azfar Hashmi a écrit :
> pptp and l2tp working fine, if I see radiusplgin source code then these
> things are defined there ie.g session-timeout and idle-timeout but since
> I am not good in programing i have no idea why they are there, anyone
> confirm why they are in code if not supported? I am on v2.1a b1
>
> 1/5/2012 11:17 AM, Azfar Hashmi wrote:I am gonna try it now. On 1/4/2012
> 5:49 PM, Alexandre Chapellon a
>
> wrote:
>>> pptp does it very well (at least poptop does). Never tried with L2TP
>>> itself but I know ppp sessions inside L2TP tunnels works as
>>> expected... but that inly pppd works ok with session-timeout.
>>>
>>> Regards.
>>>
>>> Le 04/01/2012 12:19, Azfar Hashmi a écrit :
>>>> One more related question. I have to test this with pptp and lt2p also,
>>>> do they support it?
>>>>
>>>> On 1/4/2012 4:14 PM, Azfar Hashmi wrote:
>>>>> Hi Alexandre,
>>>>>
>>>>> Thanks for sharing your experience.
>>>>>
>>>>> On 1/4/2012 4:02 PM, Alexandre Chapellon wrote:
>>>>>> I tried to setup exactly the same things a while ago using the
>>>>>> radiusplugin for openvpn.
>>>>>> It just don't work! Looking at the code of the radiusplugin I could
>>>>>> not find anything that handle Sessiontimeout attribute (I didn't tried
>>>>>> with Acc-Session-Timeout but didn't see anything either).
>>>>>> Even if You try to ack the plugin (which look quite simple), I'm not
>>>>>> sure openvpn have anymecanism that would allow it to termitate a
>>>>>> connection after a specified duration (except monitoring connecting
>>>>>> duration with the telent interface.... a real pain).
>>>>>> I asked on the mailing list of radiusplugin which is even lower
>>>>>> traffic and gave up. Maybe asking about openvpn being able to
>>>>>> disconnect based on time could be a question for start a thread in
>>>>>> openvpn general ML.
>>>>>>
>>>>>> regards.
>>>>>>
>>>>>> P.S: I'd be glad to hear about if you succeed in doing that! ;)
>>>>>>
>>>>>> Le 04/01/2012 10:41, Azfar Hashmi a écrit :
>>>>>>> I did but the list has very low activity. Only few posts in numerous
>>>>>>> days there.
>>>>>>>
>>>>>>> On 1/4/2012 1:32 PM, Fajar A. Nugraha wrote:
>>>>>>>> On Wed, Jan 4, 2012 at 3:18 PM, Azfar
>>>>>>>> Hashmi<azfar.hashmi at cloudways.com> wrote:
>>>>>>>>> Anyone confirm me that openvpn support
>>>>>>>>> session-timout/acct-session-timeout, i want radius to tell my
>>>>>>>>> NAS to
>>>>>>>>> disconnect users if they reached their expiration. Currently its
>>>>>>>>> not
>>>>>>>>> working.
>>>>>>>> Did you ask in openvpn list? It should be a more suitable place for
>>>>>>>> this question, and AFAIK the answer is no.
>>>>>>>>
>>>>>>> -
>>>>>>> List info/subscribe/unsubscribe? See
>>>>>>> http://www.freeradius.org/list/users.html
>>>>> -
>>>>> List info/subscribe/unsubscribe? See
>>>>> http://www.freeradius.org/list/users.html
>>>> -
>>>> List info/subscribe/unsubscribe? See
>>>> http://www.freeradius.org/list/users.html
>> -
>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
<http://www.horoa.net>
Alexandre Chapellon
Ingénierie des systèmes open sources et réseaux.
Follow me on twitter: @alxgomz <http://www.twitter.com/alxgomz>
More information about the Freeradius-Users
mailing list