Project

General

Profile

Actions

Bug #6609

closed

OpenVPN Radius auth doesn't send NAS attributes and is not consistent with how strongSwan does it

Added by Kacper Boström about 8 years ago. Updated over 7 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
OpenVPN
Target version:
Start date:
07/13/2016
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
All
Affected Architecture:

Description

OpenVPN Radius auth doesn't send NAS Port-Type (which should be "Virtual") and NAS Port (which preferably should be the port the client connected on). The NAS Identifier attribute should be "openVPN" and not the pfSense hostname (to be consistent with strongSwan).

This should simplify Radius authentication and allow for fine grained control over who can authenticate on each openVPN server instance.

Actions #1

Updated by Chris Buechler about 8 years ago

  • Status changed from New to Confirmed
  • Affected Version changed from 2.3.1 to All
Actions #2

Updated by Kacper Boström about 8 years ago

I've submitted a github pull request (#3057) fixing this issue.

Actions #3

Updated by Chris Buechler about 8 years ago

  • Target version set to 2.4.0

Thanks Kacper. Looks reasonable, outside the one line I left a comment on where a recent change was reverted, but something that should bake in snapshots longer than we'll have time for 2.3.2.

Actions #4

Updated by Kacper Boström about 8 years ago

I fixed the lines that reverted the recent changes. My bad for committing things that really aren't part of the patch. I've force pushed my changes so they should be immediately visible in the pull request.

Actions #5

Updated by Chris Buechler about 8 years ago

  • Status changed from Confirmed to Feedback

Thanks, merged to master for 2.4.

Actions #6

Updated by Jim Pingle over 7 years ago

  • Status changed from Feedback to Resolved
  • Target version changed from 2.4.0 to 2.3.3
Actions

Also available in: Atom PDF