Fwd: AUTO AND MANUAL DISCONNECT NOT WORK FREE RADIUS-DALO RADIUSS
Matthew Newton
mcn at freeradius.org
Wed Aug 23 13:10:49 UTC 2023
On 23/08/2023 02:45, King Slaver wrote:
> All the things are configured correctly with openvpn,
OK.
> All accounting is working.
>
> But when accessperiod reaches, it sends a coa disconnect request, which
> results in recv- coa
> And disconnect ACK
>
> but the user still connected, if it loggot manualy on next login it gets
> error of plan reached.
A lot of NAS devices don't support CoA, or are very picky about what
they will accept in the CoA packet.
I would check that OpenVPN actually support CoA - can you configure it
to listen on port 3799, for instance? My suspicion is that it's not
supported at all. It's an area of RADIUS that is often overlooked and
ignored.
If it is supported then you need to find what attributes need to be in
the disconnect request. That's usually a non-trivial problem, a lot of
vendors don't document this anywhere, and it can be trial and error to
get it working.
Also of course use tcpdump or equivalent to make sure that the CoA
disconnect packet is being sent from FreeRADIUS.
If the packet is being sent, then you need to ask on the OpenVPN mailing
lists for support, as it's nothing to do with FreeRADIUS.
> However fot me it is also not working manual radius -x disconnect, it does
> same send and gets received, user still got connected.
That seems key. If you can't manually send a packet and get a user
disconnected then you need to get that working first. But I suspect that
OpenVPN doesn't support it. You need to ask them about it - if it's not
supported there the there's nothing you can do in FreeRADIUS to fix that
and what you are trying to do is then impossible. If so you would need
to find other ways to kill sessions.
--
Matthew
More information about the Freeradius-Users
mailing list