First We should know if openvpn is able to create a vpn session for a
certain amount of time and then disconnect the user once time expired...
I am not sure openvpn has such a feature... If it doesn't that mean that
openvpn code would also need to be hacked.
This thread is slightly becomming off-topic, maybe people interessted in
it should continue discussion elsewhere or via direct mail exchanges?
Le 05/01/2012 14:45, Azfar Hashmi a écrit :
Thanks for clarification. So nobody able to change the code and create
any patch so far? and can we be able to di it via vendor specific
attributes trick?
On 1/5/2012 6:30 PM, Alexandre Chapellon wrote:
From the ./UserAuth.cpp file in the radiusplugin code:
/**The method send an authentication packet to the radius server and
* calls the method parseResponsePacket(). The following attributes
are in the packet:
* - User_Name,
* - User_Password
* - NAS_PortCalling_Station_Id,
* - NAS_Identifier,
* - NAS_IP_Address,
* - NAS_Port_Type
* - Service_Type.
* @param context The context of the background process.
* @return An integer, 0 if the authentication succeded, else 1.*/
Nothing about processing timeout...
Le 05/01/2012 14:00, Azfar Hashmi a écrit :
pptp and l2tp working fine, if I see radiusplgin source code then these
things are defined there ie.g session-timeout and idle-timeout but since
I am not good in programing i have no idea why they are there, anyone
confirm why they are in code if not supported? I am on v2.1a b1
1/5/2012 11:17 AM, Azfar Hashmi wrote:I am gonna try it now. On 1/4/2012
5:49 PM, Alexandre Chapellon a
wrote:
pptp does it very well (at least poptop does). Never tried with L2TP
itself but I know ppp sessions inside L2TP tunnels works as
expected... but that inly pppd works ok with session-timeout.
Regards.
Le 04/01/2012 12:19, Azfar Hashmi a écrit :
One more related question. I have to test this with pptp and lt2p
also,
do they support it?
On 1/4/2012 4:14 PM, Azfar Hashmi wrote:
Hi Alexandre,
Thanks for sharing your experience.
On 1/4/2012 4:02 PM, Alexandre Chapellon wrote:
I tried to setup exactly the same things a while ago using the
radiusplugin for openvpn.
It just don't work! Looking at the code of the radiusplugin I could
not find anything that handle Sessiontimeout attribute (I didn't
tried
with Acc-Session-Timeout but didn't see anything either).
Even if You try to ack the plugin (which look quite simple), I'm
not
sure openvpn have anymecanism that would allow it to termitate a
connection after a specified duration (except monitoring connecting
duration with the telent interface.... a real pain).
I asked on the mailing list of radiusplugin which is even lower
traffic and gave up. Maybe asking about openvpn being able to
disconnect based on time could be a question for start a thread in
openvpn general ML.
regards.
P.S: I'd be glad to hear about if you succeed in doing that! ;)
Le 04/01/2012 10:41, Azfar Hashmi a écrit :
I did but the list has very low activity. Only few posts in
numerous
days there.
On 1/4/2012 1:32 PM, Fajar A. Nugraha wrote:
On Wed, Jan 4, 2012 at 3:18 PM, Azfar
Hashmi<azfar.has...@cloudways.com> wrote:
Anyone confirm me that openvpn support
session-timout/acct-session-timeout, i want radius to tell my
NAS to
disconnect users if they reached their expiration. Currently its
not
working.
Did you ask in openvpn list? It should be a more suitable
place for
this question, and AFAIK the answer is no.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
<http://www.horoa.net>
Alexandre Chapellon
Ingénierie des systèmes open sources et réseaux.
Follow me on twitter: @alxgomz <http://www.twitter.com/alxgomz>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html