On Fri, 24 Jun 2005, Ralf [UTF-8] Lübben wrote:
> Hello,
>
> the radius plugin in is working.
> I have still some questions about the OpenVpn behaviour.
>
> After one hour there is a rekeying/reauthentication of the user? Is that
> right.
Yes, this depends on the value of the --reneg-sec parame
Hello,
the radius plugin in is working.
I have still some questions about the OpenVpn behaviour.
After one hour there is a rekeying/reauthentication of the user? Is that
right. The problem is that before an user can be authenticated from the
plugin the user needs a disconnect from OpenVpn for thi
Am Dienstag, den 17.05.2005, 23:39 +0400 schrieb Ralf Lübben:
> Or are there great advantages if every user gets his own tun
> interface?
No. This is not really necessary.
> To Torge Szczepanek: Which radius server do you use?
> I use freeradius and I think I can only set
I am als
> One more question to the plugin PLUGIN_CLIENT_DISCONNECT:
> Does every plugin which is called, gets the pointer to thesame
> struct openvpn_plugin_handle_t, so I can save here the socket to
> the background processes and the plugin PLUGIN_CLIENT_DISCONNECT
> can send data to these socket numbe
Hello.
Thank you for all the ideas.
I think I will do the radius plugin in the following way:
1. Authentication:
split privilege execution model
plugin: OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY
- Attributes ACCECP-REQUEST:
- Username
- Password
- NAS-Port = unique for each user, increment if
On Tue, 17 May 2005, Torge Szczepanek wrote:
> Am Dienstag, den 17.05.2005, 07:18 -0600 schrieb James Yonan:
>
> > It's more like the opposite: 1.x supported a specific tunx interface and
> > port for each client. 2.0 was rewritten to allow all clients to share a
> > single tun/tap interface a
> 2. Accounting
> Here I'm not sure, want is the best way to do it, maybe somebody have
> some ideas.
> One idea is to create for every openvpn-client who
> connects to the openvpn-server a own process with fork().
> So every process gets his own Acct-Interim-Interval and can send
> the accountin
Am Dienstag, den 17.05.2005, 07:18 -0600 schrieb James Yonan:
> It's more like the opposite: 1.x supported a specific tunx interface and
> port for each client. 2.0 was rewritten to allow all clients to share a
> single tun/tap interface and TCP/UDP port. The 2.0 approach tends to be
> preferre
On Tue, 17 May 2005, Torge Szczepanek wrote:
> Am Dienstag, den 17.05.2005, 15:20 +0400 schrieb Ralf Lübben:
>
> > I want to send following attribute:
> > Username
> > Password
> > NAS-Port = number of the tun interface
>
> This is bad, since you must send a unique identifier to the Radius
> Ser
On Tue, 17 May 2005, Ralf [UTF-8] Lübben wrote:
> Hello,
>
> I finished a C++class for the radius protocol. So I can send, receive and
> analyze authentication and accounting radius packets.
>
> Now I will start to create the openvpn-plugin.
>
> I have there still some quesitions:
>
> When are
Am Dienstag, den 17.05.2005, 15:20 +0400 schrieb Ralf Lübben:
> I want to send following attribute:
> Username
> Password
> NAS-Port = number of the tun interface
This is bad, since you must send a unique identifier to the Radius
Server for every connected client if I understand this correctly.
Hello,
I finished a C++class for the radius protocol. So I can send, receive and
analyze authentication and accounting radius packets.
Now I will start to create the openvpn-plugin.
I have there still some quesitions:
When are called the funktions:
openvpn-plugin_open_v1
openvpn
12 matches
Mail list logo
