Thanks for your reply, > Thibault Le Meur wrote: > > Openvpn sometimes needs to renegotiate the connections and > thus sends > > authentication requests while the connection is still > active (with an > > already assigned IP address): this causes FR to assign a new IP > > address from the pool (which seems normal since FR has no > way to know > > this is a renegotiation). > > So why isn't the radiusplugin telling FreeRADIUS what the > old IP address was?
Because It's still beta ;-), I can fix this > > I'd like to patch the openvpn-radiusplugin so that an extra > attribute > > is sent in the Access-Accept packets so that FR will be able to > > differentiate Initial and Renegociation Access-Accept requests and > > only assign new IP address from the pool on Initial Access-Accept > > requests. > > I think you mean Access-Request packet. Sorry for the mistake, I meant Access-Request of course > If it doesn't have > a Framed-IP-Address attribute, FreeRADIUS can allocate & send > one in an Access-Accept. > If openvpn re-authenticates a > session with an existing IP address, it should send > Framed-IP-Address in the Access-Request. I get you right, my patch may be as easy as to make radiusplugin add the Framed-IP-Address attribute in the Access-Request packet with the already assigned IP Address when it is a renegotiation. Thanks a lot Alan. Regards, Thibault - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html