Bug #13145

closed

Per-user ``route`` files are not removed from ``/tmp`` when they are no longer needed

Added by Viktor Gurov 3 months ago. Updated 3 months ago.

Status: Resolved
Priority: Normal
Assignee: Viktor Gurov
Category: OpenVPN
Target version:
Start date:
Due date:
% Done: 100%
Estimated time:
Plus Target Version: 22.05
Release Notes: Default
Affected Version: 2.6.0
Affected Architecture:

Description

From #13140:

pfSense+ version 22.01 on Netgate 7100 1u

I have run into an issue where users connecting to OpenVPN using a RADIUS backend for authentication/authorization are not having the correct rules installed in pf when the RADIUS server responds using Cisco-AVPair(s).

As an example, I have the following Cisco-AVPair response configured in FreeRADIUS:

Cisco-AVPair += "ip:inacl#1=permit udp host {clientip} host 10.100.0.1 eq 53" 
Cisco-AVPair += "ip:inacl#2=permit ip host {clientip} host 10.100.0.1" 
Cisco-AVPair += "ip:inacl#5=permit tcp host {clientip} host 10.120.0.1 eq 22" 
Cisco-AVPair += "ip:inacl#230=permit ip host {clientip} host 10.121.0.0 0.0.0.255" 
Cisco-AVPair += "ip:inacl#100=permit ip host {clientip} host 10.122.0.0 0.0.0.255" 
Cisco-AVPair += "ip:inacl#1000=permit ip host {clientip} host 10.123.0.0 0.0.0.255" 
Cisco-AVPair += "route=10.0.0.0 255.0.0.0",
Cisco-AVPair += "route=172.16.0.0 255.240.0.0",
Cisco-AVPair += "route=192.168.0.0 255.255.0.0" 

The file(s) containing the 'route' options for the users are not being removed from the '/tmp' directory.
E.g., the file '/tmp/user100' is never deleted once the user has connected to OpenVPN at least once.

Actions #2

Updated by Jim Pingle 3 months ago

  • Status changed from New to Pull Request Review

Actions #3

Updated by Jim Pingle 3 months ago

  • Status changed from Pull Request Review to Feedback

MR Merged.

Actions #4

Updated by Viktor Gurov 3 months ago

  • % Done changed from 0 to 100

Actions #5

Updated by Jim Pingle 3 months ago

  • Subject changed from The file(s) containing the 'route' options for the users are not being removed from the '/tmp' directory to Per-user ``route`` files are not removed from ``/tmp`` when they are no longer needed

Updating subject for release notes.

Actions #6

Updated by Jim Pingle 3 months ago

  • Status changed from Feedback to Resolved

Routes file is no longer left behind.
