Show Posts
1
24.1 Legacy Series / external FreeRadius attrib on openvpn instance
« on: July 15, 2024, 03:00:34 pm »
Hello,
I am using opnsense (with openvpn server instance) , and I have external openLDAP and external Freeradius.
I have configured FreeRadius to use Pool-Name and give Framed-IP-Address and Framed-IP-Netmask to opnsense (NAS). Doing some tests, I could see in the Freeradius log that it gives Framed-IP-Address and Framed-IP-Netmask.
example: 5) Sent Access-Accept Id 62 from 10.29.6.136:1812 to 10.29.6.104:15146 length 50 (5) Framed-IP-Address = 192.168.249.215 (5) Framed-IP-Netmask = 255.255.254.0
The OpenVPN server does not configure or send the OpenVPN client the Framed-IP address, it gives it another IP. example log: 2024-07-15T14:25:18 3 Notice openvpn_server1 20718 user1/10.29.6.110:63021 MULTI_sva: pool returned IPv4=192.168.248.6, IPv6=(Not Enabled)
It seems that the OpenVPN server (instance on opnsense) could not retransmit Framed-IP-Address = 192.168.249.215 , and sends IPv4=192.168.248.6 to the client.
I have seen some posts talking about CSO , but I don't want to write or rewrite files in opnsense and not save users in files because I am using OpenLDAP for that.
opnsense 24.1 , has this funcionality (openvpn radius plugin) that handles Framed-IP-Netmask and Framed-IP-Address attributes?
plugin: https://github.com/OpenVPN-Community/openvpn-radiusplugin
debian repo package: libpam-radius-auth
info: https://caiyos.com/articles/how-to-use-openvpn-with-radius-authentication
I am using opnsense (with openvpn server instance) , and I have external openLDAP and external Freeradius.
I have configured FreeRadius to use Pool-Name and give Framed-IP-Address and Framed-IP-Netmask to opnsense (NAS). Doing some tests, I could see in the Freeradius log that it gives Framed-IP-Address and Framed-IP-Netmask.
example: 5) Sent Access-Accept Id 62 from 10.29.6.136:1812 to 10.29.6.104:15146 length 50 (5) Framed-IP-Address = 192.168.249.215 (5) Framed-IP-Netmask = 255.255.254.0
The OpenVPN server does not configure or send the OpenVPN client the Framed-IP address, it gives it another IP. example log: 2024-07-15T14:25:18 3 Notice openvpn_server1 20718 user1/10.29.6.110:63021 MULTI_sva: pool returned IPv4=192.168.248.6, IPv6=(Not Enabled)
It seems that the OpenVPN server (instance on opnsense) could not retransmit Framed-IP-Address = 192.168.249.215 , and sends IPv4=192.168.248.6 to the client.
I have seen some posts talking about CSO , but I don't want to write or rewrite files in opnsense and not save users in files because I am using OpenLDAP for that.
opnsense 24.1 , has this funcionality (openvpn radius plugin) that handles Framed-IP-Netmask and Framed-IP-Address attributes?
plugin: https://github.com/OpenVPN-Community/openvpn-radiusplugin
debian repo package: libpam-radius-auth
info: https://caiyos.com/articles/how-to-use-openvpn-with-radius-authentication