Bug #15176
closed
Change Mobile IPsec RADIUS accounting to use ``accounting_requires_vip`` so accounting will not activate for non-mobile VPNs
100%
Description
At some point strongSwan's eap-radius plugin gained a setting called accounting_requires_vip which makes strongSwan only send accounting packets for connections with virtual IP addresses. Currently only mobile VPNs have virtual IP addresses, so enabling that option should make the current warning against RADIUS accounting on vpn_ipsec_mobile.php obsolete since it would no longer try to perform accounting for every tunnel on the firewall.
Alter the current RADIUS accounting plugin setup to set that flag (charon > plugins > eap-radius > accounting_requires_vip = yes) and reword the note on vpn_ipsec_mobile.php to account for the change.
Updated by Jim Pingle 3 months ago
- Subject changed from Change Mobile IPsec RADIUS accounting to use `accounting_requires_vip` so accounting will not activate for non-mobile VPNs to Change Mobile IPsec RADIUS accounting to use ``accounting_requires_vip`` so accounting will not activate for non-mobile VPNs
Updated by Jim Pingle 3 months ago
- Status changed from New to Feedback
- % Done changed from 0 to 100
Applied in changeset 7caf3483ce5ba971ecfe7c8d04fbbfe60f3fbca1.
Updated by Danilo Zrenjanin 3 months ago
- Status changed from Feedback to Resolved
Tested the patch against:
23.09.1-RELEASE (arm) built on Fri Dec 8 21:55:00 CET 2023 FreeBSD 14.0-CURRENT
It looks good.
I am closing this ticket as resolved.