IPsec Group Authentication

Started by ServerCat, June 11, 2025, 10:48:22 AM

Hello,

I've installed IPsec using Connections. Authentication runs over FreeRADIUS. Let me explain in a few words. There are two user profiles, users and devs.

1. RADIUS checks it in LDAP and generates an answer like this.
               
if (LDAP-Group == "devs") {
    update reply {
        Class += "devs"
    }
}

if (LDAP-Group == "users") {
    update reply {
        Class += "users"
    }
}

2. In OPNsense, under System->Access->Groups, I created the two groups, devs and users.

3. Under "VPN->IPsec->Connections" there are two connections. In "Remote Authentication" of each connection I set the group I want for this connection.

This worked well since the last update to 25.1.7_4. In the log files I get this.

constraint check failed: group membership to 'devs' required
unacceptable: non-matching authentication done

Debug: If I take out the group in "Remote Authentication", so that "Nothing selected" stands in the field, connecting to the VPN works.

Can someone help me? What has changed?
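
The setup described in the post above, written out in strongSwan's own configuration syntax as an added example (not from the original post and not OPNsense's generated files). It assumes the Connections page maps to swanctl.conf and that the eap-radius plugin handles the RADIUS exchange; the connection names are constructed and the RADIUS server settings are left out.

```conf
# strongswan.conf (fragment)
# class_group makes the eap-radius plugin treat each Class attribute in the
# RADIUS Access-Accept as a group membership of the authenticated user.
charon {
    plugins {
        eap-radius {
            class_group = yes
        }
    }
}

# swanctl.conf (fragment), connection names are constructed for illustration
connections {
    vpn-devs {
        remote {
            auth = eap-radius
            # Authorization constraint: the peer must carry the group "devs",
            # i.e. the Access-Accept must contain Class = "devs".
            groups = devs
        }
    }
    vpn-users {
        remote {
            auth = eap-radius
            groups = users
        }
    }
    # For comparison, the "Nothing selected" case: with no groups line there
    # is no group constraint, so every user that RADIUS accepts matches this
    # connection regardless of the Class value returned.
    vpn-unrestricted {
        remote {
            auth = eap-radius
        }
    }
}
```

The log line "constraint check failed: group membership to 'devs' required" is what the `groups` constraint produces when the authenticated identity carries no matching group, so comparing the Class value in the Access-Accept with the group name on the connection is the first check.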