On Fri, 29 Apr 2005, Ralf [iso-8859-1] L?bben wrote: > Hello, > > I am interesting in build radius support for OpenVpn. > At the moment I'am thinking about what is the best way. > > 1. Authentification and Authroization: > I think this already works with the plugin pam_radius_auth.so, is that right?
Yes. > But I am interested in more features, > like to get the ip-address and the routes from the RADIUS-Server. > Can this be done with a plugin? Maybe by creating the configurationfiles at > the start of the connection? > Or could this be integrated in the Source Code? I think this would be the > best > solution. You should be able to do this as a plugin. OpenVPN plugins can register a number of callbacks (see openvpn-plugin.h). You could use OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY to verify user/pass, OPENVPN_PLUGIN_CLIENT_CONNECT to pass IP address and routes, and OPENVPN_PLUGIN_CLIENT_DISCONNECT to process client disconnects. > I hope the fea > 2. Accounting: > I need to count the traffic of a VPN-connection, one the side every traffic > which goes from a client to the server (tun0-interface) and one the other > side every traffic which goes through the VPN, maybe from one client to > another client. > So when I use the counter of the tun-interface, I lose the traffic which goes > from one client to another. If I count the traffic of the eth-interface I get > other traffic, which has nothing to do with the vpn. The OPENVPN_PLUGIN_CLIENT_DISCONNECT callback (or script) can access client bandwidth info on the about-to-be-closed session by looking at the bytes_received and bytes_sent environmental variables. See the man page for more info. James
