Re: Dear Expert(Need assistance with Freeradius + openvpn consulting)
I have tried both radiusplugin and pam_auth_radius but both not working on session-timeout. On 1/6/2012 5:27 PM, sekchel lee wrote: > The expenses will be paid by US dollar. > Current states and My Requirements > > Computer 1 (Freeradius server action) mysql db > CentOS-6.0-x86_64 ssh port ready > > nas1 (openvpn server action ) ssh port ready > CentOS-6.0-x86_64 > > openvpn user > (mysql/ userid/password ==> Authentication ,Authorization,Accounting) action > But > UserDrop(disconnect) Function is no action > > My Requirements > > radius user drop Function (For openvpn user) > F1) Max-All-Session(Time Limit (secs)) > F2) Expiration (User Expiration Date ) > > I want radius user drop function (for openvpn user) > F1) only > F2) only > F1) + F2) both ==> F1(O) F2(X) --> drop F1(X) F2(O) --> drop > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius+openvpn disconnect user from radius
Thanks for clarification. So nobody able to change the code and create any patch so far? and can we be able to di it via vendor specific attributes trick? On 1/5/2012 6:30 PM, Alexandre Chapellon wrote: > From the ./UserAuth.cpp file in the radiusplugin code: > > /**The method send an authentication packet to the radius server and > * calls the method parseResponsePacket(). The following attributes > are in the packet: > * - User_Name, > * - User_Password > * - NAS_PortCalling_Station_Id, > * - NAS_Identifier, > * - NAS_IP_Address, > * - NAS_Port_Type > * - Service_Type. > * @param context The context of the background process. > * @return An integer, 0 if the authentication succeded, else 1.*/ > > Nothing about processing timeout... > > Le 05/01/2012 14:00, Azfar Hashmi a écrit : >> pptp and l2tp working fine, if I see radiusplgin source code then these >> things are defined there ie.g session-timeout and idle-timeout but since >> I am not good in programing i have no idea why they are there, anyone >> confirm why they are in code if not supported? I am on v2.1a b1 >> >> 1/5/2012 11:17 AM, Azfar Hashmi wrote:I am gonna try it now. On 1/4/2012 >> 5:49 PM, Alexandre Chapellon a >> >> wrote: >>>> pptp does it very well (at least poptop does). Never tried with L2TP >>>> itself but I know ppp sessions inside L2TP tunnels works as >>>> expected... but that inly pppd works ok with session-timeout. >>>> >>>> Regards. >>>> >>>> Le 04/01/2012 12:19, Azfar Hashmi a écrit : >>>>> One more related question. I have to test this with pptp and lt2p >>>>> also, >>>>> do they support it? >>>>> >>>>> On 1/4/2012 4:14 PM, Azfar Hashmi wrote: >>>>>> Hi Alexandre, >>>>>> >>>>>> Thanks for sharing your experience. >>>>>> >>>>>> On 1/4/2012 4:02 PM, Alexandre Chapellon wrote: >>>>>>> I tried to setup exactly the same things a while ago using the >>>>>>> radiusplugin for openvpn. >>>>>>> It just don't work! Looking at the code of the radiusplugin I could >>>>>>> not find anything that handle Sessiontimeout attribute (I didn't >>>>>>> tried >>>>>>> with Acc-Session-Timeout but didn't see anything either). >>>>>>> Even if You try to ack the plugin (which look quite simple), I'm >>>>>>> not >>>>>>> sure openvpn have anymecanism that would allow it to termitate a >>>>>>> connection after a specified duration (except monitoring connecting >>>>>>> duration with the telent interface a real pain). >>>>>>> I asked on the mailing list of radiusplugin which is even lower >>>>>>> traffic and gave up. Maybe asking about openvpn being able to >>>>>>> disconnect based on time could be a question for start a thread in >>>>>>> openvpn general ML. >>>>>>> >>>>>>> regards. >>>>>>> >>>>>>> P.S: I'd be glad to hear about if you succeed in doing that! ;) >>>>>>> >>>>>>> Le 04/01/2012 10:41, Azfar Hashmi a écrit : >>>>>>>> I did but the list has very low activity. Only few posts in >>>>>>>> numerous >>>>>>>> days there. >>>>>>>> >>>>>>>> On 1/4/2012 1:32 PM, Fajar A. Nugraha wrote: >>>>>>>>> On Wed, Jan 4, 2012 at 3:18 PM, Azfar >>>>>>>>> Hashmiwrote: >>>>>>>>>> Anyone confirm me that openvpn support >>>>>>>>>> session-timout/acct-session-timeout, i want radius to tell my >>>>>>>>>> NAS to >>>>>>>>>> disconnect users if they reached their expiration. Currently its >>>>>>>>>> not >>>>>>>>>> working. >>>>>>>>> Did you ask in openvpn list? It should be a more suitable >>>>>>>>> place for >>>>>>>>> this question, and AFAIK the answer is no. >>>>>>>>> >>>>>>>> - >>>>>>>> List info/subscribe/unsubscribe? See >>>>>>>> http://www.freeradius.org/list/users.html >>>>>> - >>>>>> List info/subscribe/unsubscribe? See >>>>>> http://www.freeradius.org/list/users.html >>>>> - >>>>> List info/subscribe/unsubscribe? See >>>>> http://www.freeradius.org/list/users.html >>> - >>> List info/subscribe/unsubscribe? See >>> http://www.freeradius.org/list/users.html >> - >> List info/subscribe/unsubscribe? See >> http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius+openvpn disconnect user from radius
pptp and l2tp working fine, if I see radiusplgin source code then these things are defined there ie.g session-timeout and idle-timeout but since I am not good in programing i have no idea why they are there, anyone confirm why they are in code if not supported? I am on v2.1a b1 1/5/2012 11:17 AM, Azfar Hashmi wrote:I am gonna try it now. On 1/4/2012 5:49 PM, Alexandre Chapellon a wrote: >> pptp does it very well (at least poptop does). Never tried with L2TP >> itself but I know ppp sessions inside L2TP tunnels works as >> expected... but that inly pppd works ok with session-timeout. >> >> Regards. >> >> Le 04/01/2012 12:19, Azfar Hashmi a écrit : >>> One more related question. I have to test this with pptp and lt2p also, >>> do they support it? >>> >>> On 1/4/2012 4:14 PM, Azfar Hashmi wrote: >>>> Hi Alexandre, >>>> >>>> Thanks for sharing your experience. >>>> >>>> On 1/4/2012 4:02 PM, Alexandre Chapellon wrote: >>>>> I tried to setup exactly the same things a while ago using the >>>>> radiusplugin for openvpn. >>>>> It just don't work! Looking at the code of the radiusplugin I could >>>>> not find anything that handle Sessiontimeout attribute (I didn't tried >>>>> with Acc-Session-Timeout but didn't see anything either). >>>>> Even if You try to ack the plugin (which look quite simple), I'm not >>>>> sure openvpn have anymecanism that would allow it to termitate a >>>>> connection after a specified duration (except monitoring connecting >>>>> duration with the telent interface a real pain). >>>>> I asked on the mailing list of radiusplugin which is even lower >>>>> traffic and gave up. Maybe asking about openvpn being able to >>>>> disconnect based on time could be a question for start a thread in >>>>> openvpn general ML. >>>>> >>>>> regards. >>>>> >>>>> P.S: I'd be glad to hear about if you succeed in doing that! ;) >>>>> >>>>> Le 04/01/2012 10:41, Azfar Hashmi a écrit : >>>>>> I did but the list has very low activity. Only few posts in numerous >>>>>> days there. >>>>>> >>>>>> On 1/4/2012 1:32 PM, Fajar A. Nugraha wrote: >>>>>>> On Wed, Jan 4, 2012 at 3:18 PM, Azfar >>>>>>> Hashmi wrote: >>>>>>>> Anyone confirm me that openvpn support >>>>>>>> session-timout/acct-session-timeout, i want radius to tell my >>>>>>>> NAS to >>>>>>>> disconnect users if they reached their expiration. Currently its >>>>>>>> not >>>>>>>> working. >>>>>>> Did you ask in openvpn list? It should be a more suitable place for >>>>>>> this question, and AFAIK the answer is no. >>>>>>> >>>>>> - >>>>>> List info/subscribe/unsubscribe? See >>>>>> http://www.freeradius.org/list/users.html >>>> - >>>> List info/subscribe/unsubscribe? See >>>> http://www.freeradius.org/list/users.html >>> - >>> List info/subscribe/unsubscribe? See >>> http://www.freeradius.org/list/users.html > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius+openvpn disconnect user from radius
I am gonna try it now. On 1/4/2012 5:49 PM, Alexandre Chapellon wrote: > pptp does it very well (at least poptop does). Never tried with L2TP > itself but I know ppp sessions inside L2TP tunnels works as > expected... but that inly pppd works ok with session-timeout. > > Regards. > > Le 04/01/2012 12:19, Azfar Hashmi a écrit : >> One more related question. I have to test this with pptp and lt2p also, >> do they support it? >> >> On 1/4/2012 4:14 PM, Azfar Hashmi wrote: >>> Hi Alexandre, >>> >>> Thanks for sharing your experience. >>> >>> On 1/4/2012 4:02 PM, Alexandre Chapellon wrote: >>>> I tried to setup exactly the same things a while ago using the >>>> radiusplugin for openvpn. >>>> It just don't work! Looking at the code of the radiusplugin I could >>>> not find anything that handle Sessiontimeout attribute (I didn't tried >>>> with Acc-Session-Timeout but didn't see anything either). >>>> Even if You try to ack the plugin (which look quite simple), I'm not >>>> sure openvpn have anymecanism that would allow it to termitate a >>>> connection after a specified duration (except monitoring connecting >>>> duration with the telent interface a real pain). >>>> I asked on the mailing list of radiusplugin which is even lower >>>> traffic and gave up. Maybe asking about openvpn being able to >>>> disconnect based on time could be a question for start a thread in >>>> openvpn general ML. >>>> >>>> regards. >>>> >>>> P.S: I'd be glad to hear about if you succeed in doing that! ;) >>>> >>>> Le 04/01/2012 10:41, Azfar Hashmi a écrit : >>>>> I did but the list has very low activity. Only few posts in numerous >>>>> days there. >>>>> >>>>> On 1/4/2012 1:32 PM, Fajar A. Nugraha wrote: >>>>>> On Wed, Jan 4, 2012 at 3:18 PM, Azfar >>>>>> Hashmi wrote: >>>>>>> Anyone confirm me that openvpn support >>>>>>> session-timout/acct-session-timeout, i want radius to tell my >>>>>>> NAS to >>>>>>> disconnect users if they reached their expiration. Currently its >>>>>>> not >>>>>>> working. >>>>>> Did you ask in openvpn list? It should be a more suitable place for >>>>>> this question, and AFAIK the answer is no. >>>>>> >>>>> - >>>>> List info/subscribe/unsubscribe? See >>>>> http://www.freeradius.org/list/users.html >>> - >>> List info/subscribe/unsubscribe? See >>> http://www.freeradius.org/list/users.html >> - >> List info/subscribe/unsubscribe? See >> http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius+openvpn disconnect user from radius
One more related question. I have to test this with pptp and lt2p also, do they support it? On 1/4/2012 4:14 PM, Azfar Hashmi wrote: > Hi Alexandre, > > Thanks for sharing your experience. > > On 1/4/2012 4:02 PM, Alexandre Chapellon wrote: >> I tried to setup exactly the same things a while ago using the >> radiusplugin for openvpn. >> It just don't work! Looking at the code of the radiusplugin I could >> not find anything that handle Sessiontimeout attribute (I didn't tried >> with Acc-Session-Timeout but didn't see anything either). >> Even if You try to ack the plugin (which look quite simple), I'm not >> sure openvpn have anymecanism that would allow it to termitate a >> connection after a specified duration (except monitoring connecting >> duration with the telent interface a real pain). >> I asked on the mailing list of radiusplugin which is even lower >> traffic and gave up. Maybe asking about openvpn being able to >> disconnect based on time could be a question for start a thread in >> openvpn general ML. >> >> regards. >> >> P.S: I'd be glad to hear about if you succeed in doing that! ;) >> >> Le 04/01/2012 10:41, Azfar Hashmi a écrit : >>> I did but the list has very low activity. Only few posts in numerous >>> days there. >>> >>> On 1/4/2012 1:32 PM, Fajar A. Nugraha wrote: >>>> On Wed, Jan 4, 2012 at 3:18 PM, Azfar >>>> Hashmi wrote: >>>>> Anyone confirm me that openvpn support >>>>> session-timout/acct-session-timeout, i want radius to tell my NAS to >>>>> disconnect users if they reached their expiration. Currently its not >>>>> working. >>>> Did you ask in openvpn list? It should be a more suitable place for >>>> this question, and AFAIK the answer is no. >>>> >>> - >>> List info/subscribe/unsubscribe? See >>> http://www.freeradius.org/list/users.html > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius+openvpn disconnect user from radius
Hi Alexandre, Thanks for sharing your experience. On 1/4/2012 4:02 PM, Alexandre Chapellon wrote: > I tried to setup exactly the same things a while ago using the > radiusplugin for openvpn. > It just don't work! Looking at the code of the radiusplugin I could > not find anything that handle Sessiontimeout attribute (I didn't tried > with Acc-Session-Timeout but didn't see anything either). > Even if You try to ack the plugin (which look quite simple), I'm not > sure openvpn have anymecanism that would allow it to termitate a > connection after a specified duration (except monitoring connecting > duration with the telent interface a real pain). > I asked on the mailing list of radiusplugin which is even lower > traffic and gave up. Maybe asking about openvpn being able to > disconnect based on time could be a question for start a thread in > openvpn general ML. > > regards. > > P.S: I'd be glad to hear about if you succeed in doing that! ;) > > Le 04/01/2012 10:41, Azfar Hashmi a écrit : >> I did but the list has very low activity. Only few posts in numerous >> days there. >> >> On 1/4/2012 1:32 PM, Fajar A. Nugraha wrote: >>> On Wed, Jan 4, 2012 at 3:18 PM, Azfar >>> Hashmi wrote: >>>> Anyone confirm me that openvpn support >>>> session-timout/acct-session-timeout, i want radius to tell my NAS to >>>> disconnect users if they reached their expiration. Currently its not >>>> working. >>> Did you ask in openvpn list? It should be a more suitable place for >>> this question, and AFAIK the answer is no. >>> >> - >> List info/subscribe/unsubscribe? See >> http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius+openvpn disconnect user from radius
I did but the list has very low activity. Only few posts in numerous days there. On 1/4/2012 1:32 PM, Fajar A. Nugraha wrote: > On Wed, Jan 4, 2012 at 3:18 PM, Azfar Hashmi > wrote: >> Anyone confirm me that openvpn support >> session-timout/acct-session-timeout, i want radius to tell my NAS to >> disconnect users if they reached their expiration. Currently its not >> working. > Did you ask in openvpn list? It should be a more suitable place for > this question, and AFAIK the answer is no. > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
freeradius+openvpn disconnect user from radius
Anyone confirm me that openvpn support session-timout/acct-session-timeout, i want radius to tell my NAS to disconnect users if they reached their expiration. Currently its not working. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Framed-IP-Address not working
Subnet topology was enabled in openvn conf. On 1/4/2012 12:49 PM, Marinko Tarlać wrote: > And what was the problem ? > > On 1/4/2012 6:55 AM, Azfar Hashmi wrote: >> Solved, problem was in openvpn. >> >> On 1/3/2012 3:30 PM, Azfar Hashmi wrote: >>> I have assigned static ip to some users but users still getting ip >>> addresses from openvpn server pool. what I am missing? >>> - >>> List info/subscribe/unsubscribe? See >>> http://www.freeradius.org/list/users.html >> - >> List info/subscribe/unsubscribe? See >> http://www.freeradius.org/list/users.html >> > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Framed-IP-Address not working
Solved, problem was in openvpn. On 1/3/2012 3:30 PM, Azfar Hashmi wrote: > I have assigned static ip to some users but users still getting ip > addresses from openvpn server pool. what I am missing? > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Framed-IP-Address not working
I have assigned static ip to some users but users still getting ip addresses from openvpn server pool. what I am missing? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
