Freeradius Framed-IP-Address not working with strongswan

Alexis Lacoste alexislacoste2 at gmail.com
Wed Jun 1 15:14:16 UTC 2022


Thanks for the answers Alan and Michael.

I corrected my error in the users.conf file after reading the man users.
I put Service-Type = Framed-User before the Framed-IP-Address attribute. I
understood that there are reply items and check items, and that check items
are always at the beginning.

It works perfectly now.
Best regards.

On Wed, Jun 1, 2022 at 15:51, Alan DeKok <aland at deployingradius.com> wrote:

> On Jun 1, 2022, at 9:21 AM, Alexis Lacoste <alexislacoste2 at gmail.com> wrote:
> > The thing is that the freeradius is on the same machine as the vpn server.
> > It has the internal address (172.16.10.111) and the public one.
>
>   That doesn't matter.  As I said:
>
> a) leave your network alone, and fix FreeRADIUS to use the IPs supplied by
> the network
>
> b) leave FreeRADIUS alone, and fix your network to use the IPs you expect
>
>   Pick one.
>
>   FreeRADIUS doesn't control the networking configuration on the OS.  So
> if the packets come from the "wrong" IP address, nothing you do to
> FreeRADIUS will change the source IP of the UDP packets.
>
> > The user needs to be accepted since the peap authentication succeeded.
> > What I want is for the user (test1.vpn) to get a static virtual IP address.
>
>   You want FreeRADIUS to *reply* with a static IP address.
>
> > I thought that I could do that using the Framed-IP-Address attribute by
> > reading this : https://freeradius.org/rfc/rfc2865.html#Framed-IP-Address
> > The VPN NATs all the traffic to the designed subnets, it's a roadwarrior
> > situation.
>
>   Yes, Framed-IP-Address is the correct attribute to use.  But you're not
> *checking* for the existence of the Framed-IP-Address attribute.  You're
> *adding* it to the reply.
>
>   See "man users", which is the documentation for the "users" file you
> were editing.  This is made very clear.
>
>   If you read the rest of the file you were editing
> (mods-config/files/authorize), you will see references to
> Framed-IP-Address.  These are examples of how to reply with a
> Framed-IP-Address.
>
>   Alan DeKok.
>
>
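
The check-item versus reply-item distinction discussed in this thread, as an added example that is not part of the original messages or of FreeRADIUS itself: a small Python linter that reads "users"-file text (first line of an entry is the user name plus check items, indented lines are reply items) and flags reply attributes left on the check line. The `REPLY_ATTRS` set, the simplified parser, the function names and the sample entries with the address 10.99.0.10 are assumptions constructed for illustration.

```python
import re

# Assumption for this example: attributes meant to be returned to the NAS.
REPLY_ATTRS = {"Framed-IP-Address", "Framed-IP-Netmask", "Framed-Route"}

# attribute, operator, value (simplified: no escapes inside quoted values)
ITEM = re.compile(
    r'([A-Za-z0-9-]+)\s*(:=|==|\+=|!=|>=|<=|=~|!~|=|>|<)\s*("[^"]*"|[^,\s]+)'
)

def parse_users(text):
    """Split users-file text into entries with separate check and reply items."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # naive comment stripping
        if not line.strip():
            continue
        if line[0].isspace():                  # indented line: reply items
            if entries:
                entries[-1]["reply"] += ITEM.findall(line)
        else:                                  # first line: name + check items
            parts = line.split(None, 1)
            check = ITEM.findall(parts[1]) if len(parts) > 1 else []
            entries.append({"name": parts[0], "check": check, "reply": []})
    return entries

def misplaced_reply_attrs(text):
    """Return (user, attribute) pairs where a reply attribute is a check item."""
    return [(e["name"], attr)
            for e in parse_users(text)
            for attr, _op, _val in e["check"]
            if attr in REPLY_ATTRS]

# Constructed samples; the address is a placeholder, not taken from the thread.
BEFORE = "test1.vpn  Framed-IP-Address := 10.99.0.10\n"
AFTER = (
    "test1.vpn\n"
    "\tService-Type = Framed-User,\n"
    "\tFramed-IP-Address = 10.99.0.10\n"
)

if __name__ == "__main__":
    for label, sample in (("before", BEFORE), ("after", AFTER)):
        print(label, misplaced_reply_attrs(sample) or "ok")
```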

