Re: [Openvpn-devel] Re: Radius support (Authentification, Authorization and Accounting)

2005-06-28 Thread James Yonan
On Fri, 24 Jun 2005, Ralf [UTF-8] Lübben wrote: > Hello, > > the radius plugin in is working. > I have still some questions about the OpenVpn behaviour. > > After one hour there is a rekeying/reauthentication of the user? Is that > right. Yes, this depends on the value of the --reneg-sec parame

[Openvpn-devel] Re: Radius support (Authentification, Authorization and Accounting)

2005-06-24 Thread Ralf Lübben
Hello, the radius plugin in is working. I have still some questions about the OpenVpn behaviour. After one hour there is a rekeying/reauthentication of the user? Is that right. The problem is that before an user can be authenticated from the plugin the user needs a disconnect from OpenVpn for thi

Re: [Openvpn-devel] Re: Radius support (Authentification, Authorization and Accounting)

2005-05-17 Thread Torge Szczepanek
Am Dienstag, den 17.05.2005, 23:39 +0400 schrieb Ralf Lübben: > Or are there great advantages if every user gets his own tun > interface? No. This is not really necessary. > To Torge Szczepanek: Which radius server do you use? > I use freeradius and I think I can only set I am als

Re: [Openvpn-devel] Re: Radius support (Authentification, Authorization and Accounting)

2005-05-17 Thread James Yonan
> One more question to the plugin PLUGIN_CLIENT_DISCONNECT: > Does every plugin which is called, gets the pointer to thesame > struct openvpn_plugin_handle_t, so I can save here the socket to > the background processes and the plugin PLUGIN_CLIENT_DISCONNECT > can send data to these socket numbe

[Openvpn-devel] Re: Radius support (Authentification, Authorization and Accounting)

2005-05-17 Thread Ralf Lübben
Hello. Thank you for all the ideas. I think I will do the radius plugin in the following way: 1. Authentication: split privilege execution model plugin: OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY - Attributes ACCECP-REQUEST: - Username - Password - NAS-Port = unique for each user, increment if

Re: [Openvpn-devel] Re: Radius support (Authentification, Authorization and Accounting)

2005-05-17 Thread James Yonan
On Tue, 17 May 2005, Torge Szczepanek wrote: > Am Dienstag, den 17.05.2005, 07:18 -0600 schrieb James Yonan: > > > It's more like the opposite: 1.x supported a specific tunx interface and > > port for each client. 2.0 was rewritten to allow all clients to share a > > single tun/tap interface a

Re: [Openvpn-devel] Re: Radius support (Authentification, Authorization and Accounting)

2005-05-17 Thread James Yonan
> 2. Accounting > Here I'm not sure, want is the best way to do it, maybe somebody have > some ideas. > One idea is to create for every openvpn-client who > connects to the openvpn-server a own process with fork(). > So every process gets his own Acct-Interim-Interval and can send > the accountin

Re: [Openvpn-devel] Re: Radius support (Authentification, Authorization and Accounting)

2005-05-17 Thread Torge Szczepanek
Am Dienstag, den 17.05.2005, 07:18 -0600 schrieb James Yonan: > It's more like the opposite: 1.x supported a specific tunx interface and > port for each client. 2.0 was rewritten to allow all clients to share a > single tun/tap interface and TCP/UDP port. The 2.0 approach tends to be > preferre

Re: [Openvpn-devel] Re: Radius support (Authentification, Authorization and Accounting)

2005-05-17 Thread James Yonan
On Tue, 17 May 2005, Torge Szczepanek wrote: > Am Dienstag, den 17.05.2005, 15:20 +0400 schrieb Ralf Lübben: > > > I want to send following attribute: > > Username > > Password > > NAS-Port = number of the tun interface > > This is bad, since you must send a unique identifier to the Radius > Ser

Re: [Openvpn-devel] Re: Radius support (Authentification, Authorization and Accounting)

2005-05-17 Thread James Yonan
On Tue, 17 May 2005, Ralf [UTF-8] Lübben wrote: > Hello, > > I finished a C++class for the radius protocol. So I can send, receive and > analyze authentication and accounting radius packets. > > Now I will start to create the openvpn-plugin. > > I have there still some quesitions: > > When are

Re: [Openvpn-devel] Re: Radius support (Authentification, Authorization and Accounting)

2005-05-17 Thread Torge Szczepanek
Am Dienstag, den 17.05.2005, 15:20 +0400 schrieb Ralf Lübben: > I want to send following attribute: > Username > Password > NAS-Port = number of the tun interface This is bad, since you must send a unique identifier to the Radius Server for every connected client if I understand this correctly.

[Openvpn-devel] Re: Radius support (Authentification, Authorization and Accounting)

2005-05-17 Thread Ralf Lübben
Hello, I finished a C++class for the radius protocol. So I can send, receive and analyze authentication and accounting radius packets. Now I will start to create the openvpn-plugin. I have there still some quesitions: When are called the funktions: openvpn-plugin_open_v1 openvpn