Problems on replying attributes

Tue Apr 21 21:28:29 CEST 2020

Ok. Thank you.
I try to be more accurate.
I use radius to authenticate users accessing VPN.
The NAS in this case is a VPN gateway and I need each user to have their 
fixed IP address accessing the private network. This in order to 
discriminate what he can do.
Therefore, in the authentication process radius replies to NAS the IP 
address to assign to vpn client throught Framed-IP-Address attribute.
If user requests connection to another VPN gateway, obviously I need 
radius assigns a different IP address corrisponding to the subnets 
managed by that gateway.
Except for the initial configuration now I use Daloradius to manage the 
radius database, so I have few experience with configuration files
This is the scenario.
I'm looking for a suggestion to know what I can do or on which 
configuration files I have to operate.

Marco.

Il 21/04/20 20:09, Alan DeKok ha scritto:
> On Apr 21, 2020, at 1:55 PM, Marco Miglietta <marco.miglietta at unisalento.it> wrote:
>> In the authentication process on my freeradius v3 server, I reply to user its IP address to access VPN (Framed-IP-Address vsa).
>> Now, I have to assign different IP address depending on which NAS the user wants access to.
>    Assign address from... where?  sqlippool?  Manually assigned address?
>
>> Is there a simple solution that I'm not finding ?
>> Can anyone tell me in what direction should I direct my studies ?
>    The "unlang" policy language allows for full if / then / else checks.
>
>    You can do something like:
>
> 	if (Packet-Src-IP-Address == 1.2.3.4) {
> 		... stuff ...
> 	}
> 	elsif (Packet-Src-IP-Address == 2.3.4.5) {
> 		... other stuff ...
> 	}
>
>    But the best solution depends on what you want to do.  So please explain your requirements in detail.  It helps a lot.
>
>    Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

-- 

--------------------------------------------------------------------------------------

*Ing. Marco Miglietta*

*Universita' del Salento*

Ripartizione Tecnica e Tecnologica - Area Gestione Infrastrutture

Ex Collegio Fiorini - Via per Arnesano - Monteroni di Lecce (LE) - ITALY

tel: +39 0832 299050/299058 - fax: +39 0832 299998

mob: +39 320 9223913

skype: marcomiglietta

mail: marco.miglietta at unisalento.it

web: www.unisalento.it <http://www.unisalento.it>

--------------------------------------------------------------------------------------