OPNsense Forum
Archive => 18.7 Legacy Series => Topic started by: fabio on August 03, 2018, 06:25:32 pm
-
Hi All,
I've noticed that the RADIUS attributes are not pushed to the client if the server see the client connected
To reprocude the bethaviour
01- cliente connection
02- RADIUS auth reqeust
03- RADIUS reply with attributes
04- Framed-IP-Address and Framed-Route are assignes to the cliente
05- client disconnection / connection
07- RADIUS auth reqeust
08- RADIUS reply with attributes
09- Framed-IP-Address and Framed-Route are NOT assignes to the cliente
If you Kill client connection fom the GUI
11- cliente connection
12- RADIUS auth reqeust
13- RADIUS reply with attributes
14- Framed-IP-Address and Framed-Route are assignes to the cliente
At the moment as cliente I've only used "OpenVPN for Android"
Cheers,
-
This is an old version of the client which doesnt support disconnect. I had this too with OpenVPN 2.2
-
Just tryed the the last versione (2.4.6) of the community windows GUI and I see the same bethaviour.
In the server PUSH_REPLY logs are missing all the RADIUS attributes (if the client Common Name result already connected )
Do I need to set some specific server paramiters ?
Cheers,
-
Normally this works when client logs off. When you disconnect, wait for two mins, then the client is timed out and you can relogin
-
Some additional tests,
Now I've remove the RADIUS configuraiton so I've only "loacal database" and local "Client Specific Overrides"
... same results;
With a fast disconnect/reconnect the CSO file on the filesystem is not created
I've the feeling that is something related to the direcrive client-disconnect and the /usr/local/etc/inc/plugins.inc.d/openvpn/attributes.sh script:
commenting out "/usr/local/etc/inc/plugins.inc.d/openvpn/ovpn_cleanup_cso.php $1" in that script
all works as aspected (at least by me) ... no idea of eventually side effects
Cheers,
-
Solved with patch cdb4b81
Thanks