Virtual server setup
Alan DeKok
aland at deployingradius.com
Thu May 23 03:17:46 CEST 2013

Vincent Rusilowicz wrote:
> I have a Multi Tenant VPN gateway that I terminate multiple customers
> on.  If I authenticate sessions to local database on router there is no
> segregation, so one customer can authenticate to another customer’s VPN
> (inserting the connection into that specific VRF) with any local
> username password on the router.  I can source radius auth requests from
> IPs specific to individual customer VRFs and need to use a segregated
> username password database to service these requests.  I would like the
> solution to be able to scale to at least 100 clients that use individual
> username/password files.  Is the solution you recommended above the best
> way to handle this?
  No.  This is what databases are for.
  Create a database with 3 columns.  One is client IP.  The second is
the user name.  The third is the password.
  When the server receives a request, you can select the password by
client IP and user-name.
  That leaves RADIUS doing RADIUS work, and databases storing data.
Using the RADIUS server to store lots of client accounts works, but is
best to avoid for complicated situations.
> Are you saying make multiple instances inside the existing files module,
> like how “second_files” was created, or copy the files module multiple
> times, creating client-specific file names, and modify its content to
> files files_192.168.1.2 {   .
  Yes.
> If I use the above I would only need to add the :
>  
> case 192.168.1.2 {
>                         files_192.168.1.2
>
> section for each additional client, correct, and files module created, right?
  Yes.
> For this method I should remove the virtual server I created and add the
> lines you suggest to the default file in sites-available in the
> authorize section?
  Yes.
  Alan DeKok.
    
    