Project

General

Profile

Bug #6609

OpenVPN Radius auth doesn't send NAS attributes and is not consistent with how strongSwan does it

Added by Kacper Boström about 1 year ago. Updated 5 months ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
OpenVPN
Target version:
Start date:
07/13/2016
Due date:
% Done:

0%

Affected version:
All
Affected Architecture:

Description

OpenVPN Radius auth doesn't send NAS Port-Type (which should be "Virtual") and NAS Port (which preferably should be the port the client connected on). The NAS Identifier attribute should be "openVPN" and not the pfSense hostname (to be consistent with strongSwan).

This should simplify Radius authentication and allow for fine grained control over who can authenticate on each openVPN server instance.

History

#1 Updated by Chris Buechler about 1 year ago

  • Status changed from New to Confirmed
  • Affected version changed from 2.3.1 to All

#2 Updated by Kacper Boström about 1 year ago

I've submitted a github pull request (#3057) fixing this issue.

#3 Updated by Chris Buechler about 1 year ago

  • Target version set to 2.4.0

Thanks Kacper. Looks reasonable, outside the one line I left a comment on where a recent change was reverted, but something that should bake in snapshots longer than we'll have time for 2.3.2.

#4 Updated by Kacper Boström about 1 year ago

I fixed the lines that reverted the recent changes. My bad for committing things that really aren't part of the patch. I've force pushed my changes so they should be immediately visible in the pull request.

#5 Updated by Chris Buechler about 1 year ago

  • Status changed from Confirmed to Feedback

Thanks, merged to master for 2.4.

#6 Updated by Jim Pingle 5 months ago

  • Status changed from Feedback to Resolved
  • Target version changed from 2.4.0 to 2.3.3

Also available in: Atom PDF