OPNsense Forum

Archive => 17.7 Legacy Series => Topic started by: fabio on September 02, 2017, 05:24:25 pm

Title: OpenVPN and RADIUS attributes
Post by: fabio on September 02, 2017, 05:24:25 pm

Hi All,
I would like to push ip address and routes to OpenVPN accounts using a RADIUS server.

With the current OPNSense implementation is it possible assign them with the Framed-IP-Address  and Framed-Route attrs ?

Looking the confiuration file seems the RADIUS server is just use to verify the password ... but maybe I'm wrong

Thanks

Title: Re: OpenVPN and RADIUS attributes
Post by: mimugmail on September 02, 2017, 08:49:27 pm

Yes, since Openvpn ignores these attributes

Title: Re: OpenVPN and RADIUS attributes
Post by: fabian on September 02, 2017, 09:11:38 pm

OpenVPN does not get RADIUS tags. It authenticates against a generic OPNsense authentication script which checks username and password. However OpenVPN has an own file to connect usernames to IP addresses.

Title: Re: OpenVPN and RADIUS attributes
Post by: fabio on September 03, 2017, 12:24:21 pm

Yes, at the moment I'm using "Client Specific Overrides" to push IPs and routes.

The idea was store this data to and external LDAP (already used for authentication) to simplify the users management and maybe add some logics to the RADIUS reply

looking around I've seen that the openvpn-auth-radius plugin should add those functionality... but its not present in the repository

Anyay thanks for the quick reply