Hi,
I wrote a plugin for radius support, which creates client config files when the
event OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY occurs.
If the OpenVPN option "username-as-common-name" is used during
OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY event the common-name is still the one
from the certificate
Hi,
I got to know about the new return value OPENVPN_PLUGIN_FUNC_DEFERRED for
asynchronous authentication and I want to update my radius plugin soon.
But I have still some questions how AUTH_USER_PASS_VERIFY, CLIENT_CONNECT and
CLIENT_DISCONNECT events handled inside OpenVPN:
1) Is the data of
password.
Ralf Lübben
Ralf Lübben wrote:
> Hello,
>
> I am interesting in build radius support for OpenVpn.
> At the moment I'am thinking about what is the best way.
>
> 1. Authentification and Authroization:
> I think this already works with the plugin pam_radiu
0400 schrieb Ralf Lübben:
>>
>> > I want to send following attribute:
>> > Username
>> > Password
>> > NAS-Port = number of the tun interface
>>
>> This is bad, since you must send a unique identifier to the Radius
>> Server for every co
dresses.
Greetings
Ralf
Am Dienstag, 31. Mai 2005 12:24 schrieb Torge Szczepanek:
> Am Dienstag, den 31.05.2005, 10:09 +0000 schrieb Ralf Lübben:
> > If a client connects the nas port number is locked , if a client
> > disconnect the port number is freed.
> > A new clie
disconnect
the port number is freed.
A new client will always get the least number of the array.
Would this behaviour ok?
How many nas port numbers will I need?
I think 1000 will be enough or can there be more than 1000 clients at
the same time?
Greetings,
Ralf Lübben
Am Dienstag, 31. Mai
Hello,
Now, the accounting informations are read from the status file, which is
generated with the interval 1s. The whole accounting stuff is done by a
forked process. So if there are now other causes, I do not need the plugin.
Am Dienstag, 31. Mai 2005 01:32 schrieben Sie:
> > at the momemt
problem with freeradius? Must the number be in a special
range, maybe for assignment?
I have still another programming question. In the plugin example for pam,
all functions are static functions. Which advantages has the static
function opposite to a "normal" function?
Thank you.
Ralf Lübben
open_v1
I think the problem is that I use c++, if I compile with the gcc the
openvpn_plugin_open_v1 is found and the c++-objects are not fornd.
Is it possible to use the c++-classes and my radius classes with shared
libraries in OpenVpn?
At the moment I have no idea to solve this.
Greetings
Ralf Lübb
Hello,
the authentication is already working. The Framed IP Address and the Framed
Routes can be set by the radius server about the
auth-user-pass-verif-plugin. And every user gets a unique NAS-Port.
The easiest way to do the accounting process is to start it in the
auth-user-pass-verif-plugin and
Hello.
Thank you for all the ideas.
I think I will do the radius plugin in the following way:
1. Authentication:
split privilege execution model
plugin: OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY
- Attributes ACCECP-REQUEST:
- Username
- Password
- NAS-Port = unique for each user, increment if
Hello,
I finished a C++class for the radius protocol. So I can send, receive and
analyze authentication and accounting radius packets.
Now I will start to create the openvpn-plugin.
I have there still some quesitions:
When are called the funktions:
openvpn-plugin_open_v1
openvpn
Hello,
I tried to create a concept for the RADIUS-Plugin.
Maybe someone have some additional ideas or can answer me some questions I
wrote down in the following text.
-
Start of the connec
.
Can I get the data from OpenVPN during the connection?
Another question about the IP address and OPENVPN_PLUGIN_CLIENT_CONNECT.
Is there a possibility to give the IP address direct to the OpenVPN process or
must I create the configuration files when a client connects?
Ralf Lübben
Am
where I have to look in the source code to integrate this
feature.
I hope there is a gerneal interest in this feature.
For every help I am very grateful.
Ralf Lübben
15 matches
Mail list logo
