Re: [Openvpn-devel] Radius support (Authentification, Authorization and Accounting)

2005-05-03 Thread James Yonan
On Tue, 3 May 2005, Ralf [iso-8859-1] Lübben wrote: > Hello, > > I tried to create a concept for the RADIUS-Plugin. > Maybe someone have some additional ideas or can answer me some questions I > wrote down in the following text. > > --

Re: [Openvpn-devel] Radius support (Authentification, Authorization and Accounting)

2005-05-03 Thread Torge Szczepanek
Am Dienstag, den 03.05.2005, 13:48 +0200 schrieb Ralf Lübben: > If the server sends a "access-accept-ticket" the authorization is ok, > in the > ticket can be some attributes: > > - Framed-IP-Address: The IP-address which is pushed to the client. AFAIK for receiving a Framed-IP-Address out of a

Re: [Openvpn-devel] Radius support (Authentification, Authorization and Accounting)

2005-05-03 Thread Ralf Lübben
Hello, I tried to create a concept for the RADIUS-Plugin. Maybe someone have some additional ideas or can answer me some questions I wrote down in the following text. - Start of the connec

Re: [Openvpn-devel] Radius support (Authentification, Authorization and Accounting)

2005-05-01 Thread Daniel Lehmann
Am Samstag, den 30.04.2005, 13:27 -0600 schrieb James Yonan: > Take a look at the "setenv" directive. The setenv list is passed to > plugins. Hmmm, I must have overseen this. What a luck that I haven't flamed RTFM on the list yet :-) Maybe I've also overseen the new wiki. Did you have time to

Re: [Openvpn-devel] Radius support (Authentification, Authorization and Accounting)

2005-05-01 Thread Daniel Lehmann
Am Samstag, den 30.04.2005, 13:33 -0600 schrieb James Yonan: > I agree that this method is not perfect, but it has the two important > properties that: > > (1) it lets OpenVPN handle script or plugin calls the same > (2) it works on all OSes, including Windows > > And remember that you can also

Re: [Openvpn-devel] Radius support (Authentification, Authorization and Accounting)

2005-04-30 Thread James Yonan
One other possible sticking point: If you want to handle IP address allocation through Radius, you will need to figure out a way to have Radius allocate /30 subnets rather than individual IP addresses. The current Windows TUN/TAP driver requires this when running in TUN mode (and eliminating t

Re: [Openvpn-devel] Radius support (Authentification, Authorization and Accounting)

2005-04-30 Thread James Yonan
On Sat, 30 Apr 2005, Daniel Lehmann wrote: > Am Samstag, den 30.04.2005, 01:42 -0600 schrieb James Yonan: > [snip] > > No, you have to write configuration file directives (containing the > > appropriate ifconfig-push directive) to the temporary file provided by the > > caller. This is so that we

Re: [Openvpn-devel] Radius support (Authentification, Authorization and Accounting)

2005-04-30 Thread James Yonan
On Sat, 30 Apr 2005, Daniel Lehmann wrote: > Am Samstag, den 30.04.2005, 01:42 -0600 schrieb James Yonan: > > Right now, you can only get it by reading the --status file. For 2.1 I'm > > considering to add another script/callback for passing current accounting > > data. > > > > One of the goal

Re: [Openvpn-devel] Radius support (Authentification, Authorization and Accounting)

2005-04-30 Thread Daniel Lehmann
Am Samstag, den 30.04.2005, 01:42 -0600 schrieb James Yonan: [snip] > No, you have to write configuration file directives (containing the > appropriate ifconfig-push directive) to the temporary file provided by the > caller. This is so that we can maintain an identical interface for both > script

Re: [Openvpn-devel] Radius support (Authentification, Authorization and Accounting)

2005-04-30 Thread Daniel Lehmann
Am Samstag, den 30.04.2005, 01:42 -0600 schrieb James Yonan: > Right now, you can only get it by reading the --status file. For 2.1 I'm > considering to add another script/callback for passing current accounting > data. > > One of the goals of the plugin interface is to allow a fully-featured >

Re: [Openvpn-devel] Radius support (Authentification, Authorization and Accounting)

2005-04-30 Thread James Yonan
On Sat, 30 Apr 2005, Ralf [iso-8859-1] Lübben wrote: > Hello, > > thank you. That solves a lot of my problems. > > I have still one problem with accouting. > When a client connect, I get a ticket from the RADIUS-Server, there is given > an interval, in which I must send Alive-tickets to the RAD

Re: [Openvpn-devel] Radius support (Authentification, Authorization and Accounting)

2005-04-30 Thread Ralf Lübben
Hello, thank you. That solves a lot of my problems. I have still one problem with accouting. When a client connect, I get a ticket from the RADIUS-Server, there is given an interval, in which I must send Alive-tickets to the RADIUS-Server with the actual traffic and the time of the connection.

Re: [Openvpn-devel] Radius support (Authentification, Authorization and Accounting)

2005-04-29 Thread James Yonan
On Fri, 29 Apr 2005, Ralf [iso-8859-1] L?bben wrote: > Hello, > > I am interesting in build radius support for OpenVpn. > At the moment I'am thinking about what is the best way. > > 1. Authentification and Authroization: > I think this already works with the plugin pam_radius_auth.so, is that ri

[Openvpn-devel] Radius support (Authentification, Authorization and Accounting)

2005-04-29 Thread Ralf Lübben
Hello, I am interesting in build radius support for OpenVpn. At the moment I'am thinking about what is the best way. 1. Authentification and Authroization: I think this already works with the plugin pam_radius_auth.so, is that right? But I am interested in more features, like to get the ip-addre