pfSense

from #13140:

pfSense+ version 22.01 on Netgate 7100 1u

I have run into an issue where users connecting to OpenVPN using a RADIUS backend for authentication/authorization are not having the correct rules installed in pf when the RADIUS server responds using Cisco-AVPair(s).

As an example, I have the following Cisco-AVPair response configured in Freeradius

Cisco-AVPair += "ip:inacl#1=permit udp host {clientip} host 10.100.0.1 eq 53" 
Cisco-AVPair += "ip:inacl#2=permit ip host {clientip} host 10.100.0.1" 
Cisco-AVPair += "ip:inacl#5=permit tcp host {clientip} host 10.120.0.1 eq 22" 
Cisco-AVPair += "ip:inacl#230=permit ip host {clientip} host 10.121.0.0 0.0.0.255" 
Cisco-AVPair += "ip:inacl#100=permit ip host {clientip} host 10.122.0.0 0.0.0.255" 
Cisco-AVPair += "ip:inacl#1000=permit ip host {clientip} host 10.123.0.0 0.0.0.255" 
Cisco-AVPair += "route=10.0.0.0 255.0.0.0",
Cisco-AVPair += "route=172.16.0.0 255.240.0.0",
Cisco-AVPair += "route=192.168.0.0 255.255.0.0" 

The file(s) containing the 'route' options for the users are not being removed from the '/tmp' directory.
e.g. The file '/tmp/user100' is never deleted once the user has connected to OpenVPN at least once.