Bug #13546
closed
OpenVpn with FreeRadius Framed-Ip-Address does not work if client name differs common name
0%
Description
Hi,
I've been troubleshooting why framed-ip-address assigned by FreeRadius did not work with OpenVpn. First off I was initially running rel. 2.6 which hash the bug #12076 so I upgraded to Plus on rel. 22.05 and the issue persisted.
After few hours of debugging it finally hit me, the client name assigned in FreeRadius does not match common name for the OpenVPN user.
In my OpenVPN-config I've set authentication to use SSL/TLS + User Auth and the username of the user is user1 and in the users certificate I set the common name to user1-vpn-cert.
Turning on the option Username as common name solved the issue for me. I think this issue should be better described in the docs or maybe the AVP-feature should be reworked?
Updated by Jim Pingle about 2 years ago
- Status changed from New to Not a Bug
There is no bug here, it's working exactly as it should. If the username doesn't match the certificate, you can toggle the option to change the behavior.