Project

General

Profile

Actions

Bug #13546

closed

OpenVpn with FreeRadius Framed-Ip-Address does not work if client name differs common name

Added by Mikael * 2 months ago. Updated 2 months ago.

Status:
Not a Bug
Priority:
Low
Assignee:
-
Category:
OpenVPN
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Default
Affected Version:
Affected Architecture:

Description

Hi,
I've been troubleshooting why framed-ip-address assigned by FreeRadius did not work with OpenVpn. First off I was initially running rel. 2.6 which hash the bug #12076 so I upgraded to Plus on rel. 22.05 and the issue persisted.
After few hours of debugging it finally hit me, the client name assigned in FreeRadius does not match common name for the OpenVPN user.

In my OpenVPN-config I've set authentication to use SSL/TLS + User Auth and the username of the user is user1 and in the users certificate I set the common name to user1-vpn-cert.

Turning on the option Username as common name solved the issue for me. I think this issue should be better described in the docs or maybe the AVP-feature should be reworked?

Actions #1

Updated by Jim Pingle 2 months ago

  • Status changed from New to Not a Bug

There is no bug here, it's working exactly as it should. If the username doesn't match the certificate, you can toggle the option to change the behavior.

Actions

Also available in: Atom PDF