Bug #11569

closed

ACLs generated from RADIUS reply attributes have incorrect syntax

Added by Dmitry Bashkarev about 3 years ago. Updated about 3 years ago.

Status: Resolved
Priority: Very Low
Category: OpenVPN
Target version:
Start date: 02/27/2021
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes: Default
Affected Version: 2.5.0
Affected Architecture:

Description

FreeRADIUS ACLs:

Cisco-AVPair = "ip:inacl#1=permit tcp 192.168.1.2 0.0.0.0 any",
Cisco-AVPair += "ip:inacl#2=permit tcp 192.168.1.1 0.0.0.0 10.10.128.151 0.0.0.0 eq 80",

Created OpenVPN rules:

pass in quick on ovpns1 inet proto tcp from 192.168.1.2/32to any  
pass in quick on ovpns1 inet proto tcp from 192.168.1.1/32to 10.10.128.151/32port = 80  

Expected OpenVPN rules:

pass in quick on ovpns1 inet proto tcp from 192.168.1.2/32 to any
pass in quick on ovpns1 inet proto tcp from 192.168.1.1/32 to 10.10.128.151/32 port = 80
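
The conversion this report describes, as an added example (not pfSense's own code, which is PHP): a Cisco-AVPair `ip:inacl` entry is tokenized and the pf rule is assembled from a token list joined with single spaces, so an address can never run into `to` or `port`. The function names, the `deny` to `block` mapping and the protocol allowlist are assumptions made for this sketch.

```python
import ipaddress

ACTIONS = {"permit": "pass", "deny": "block"}  # deny->block is an assumption
PROTOS = {"tcp", "udp", "icmp"}                # assumed allowlist for this sketch

def wildcard_to_prefix(wildcard):
    """Cisco wildcard mask (inverted netmask) -> CIDR prefix length."""
    mask = int(ipaddress.IPv4Address(wildcard)) ^ 0xFFFFFFFF
    prefix = bin(mask).count("1")
    if mask != (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF:
        raise ValueError(f"non-contiguous wildcard mask: {wildcard}")
    return prefix

def take_endpoint(tokens):
    """Consume 'any' | 'host A' | 'A WILDCARD', plus an optional 'eq PORT'."""
    head = tokens.pop(0)
    if head == "any":
        out = ["any"]
    elif head == "host":
        out = [f"{ipaddress.IPv4Address(tokens.pop(0))}/32"]
    else:
        addr = ipaddress.IPv4Address(head)
        out = [f"{addr}/{wildcard_to_prefix(tokens.pop(0))}"]
    if tokens and tokens[0] == "eq":
        tokens.pop(0)
        port = int(tokens.pop(0))
        if not 0 < port < 65536:
            raise ValueError(f"port out of range: {port}")
        out += ["port", "=", str(port)]
    return out

def avpair_to_pf(avpair, iface):
    """Turn one 'ip:inacl#N=...' value into a pf rule string for iface."""
    attr, _, acl = avpair.partition("=")
    if not attr.startswith("ip:inacl#"):
        raise ValueError(f"not an inbound ACL attribute: {attr!r}")
    tokens = acl.split()
    try:
        action, proto = ACTIONS[tokens.pop(0)], tokens.pop(0)
        if proto not in PROTOS:
            raise ValueError(f"unsupported protocol: {proto!r}")
        parts = [action, "in", "quick", "on", iface, "inet", "proto", proto]
        parts += ["from", *take_endpoint(tokens), "to", *take_endpoint(tokens)]
    except (IndexError, KeyError) as exc:
        raise ValueError(f"malformed ACL: {acl!r}") from exc
    if tokens:  # refuse to silently drop qualifiers the sketch does not model
        raise ValueError(f"unsupported trailing tokens: {tokens}")
    return " ".join(parts)
```

Rejecting unknown tokens instead of skipping them keeps a malformed RADIUS reply from producing a broader rule than the ACL intended.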
