Problems on replying attributes

Alan DeKok aland at
Tue Apr 21 22:06:59 CEST 2020

On Apr 21, 2020, at 3:28 PM, Marco Miglietta <marco.miglietta at> wrote:
> I use radius to authenticate users accessing VPN.
> The NAS in this case is a VPN gateway and I need each user to have their fixed IP address accessing the private network. This in order to discriminate what he can do.
> Therefore, in the authentication process radius replies to NAS the IP address to assign to vpn client throught Framed-IP-Address attribute.
> If user requests connection to another VPN gateway, obviously I need radius assigns a different IP address corrisponding to the subnets managed by that gateway.
> Except for the initial configuration now I use Daloradius to manage the radius database, so I have few experience with configuration files
> This is the scenario.
> I'm looking for a suggestion to know what I can do or on which configuration files I have to operate.

  You need to edit sites-enabled/default, and edit the "authorize" section.

  This kind of thing is difficult (if not impossible) to configure in a web UI, so editing the configuration files is your best bet.

  There are many examples in the configuration files of how to create policies.  You should read them, and run the server in debugging mode to see what it's doing.

  If you use a careful and slow process, then the configuration should be done quickly.  Ask questions if you're unsure.

  Alan DeKok.

More information about the Freeradius-Users mailing list