OpenVPN Radius auth doesn't send NAS attributes and is not consistent with how strongSwan does it
OpenVPN Radius auth doesn't send NAS Port-Type (which should be "Virtual") and NAS Port (which preferably should be the port the client connected on). The NAS Identifier attribute should be "openVPN" and not the pfSense hostname (to be consistent with strongSwan).
This should simplify Radius authentication and allow for fine grained control over who can authenticate on each openVPN server instance.
- Status changed from New to Confirmed
- Affected Version changed from 2.3.1 to All
I've submitted a github pull request (#3057) fixing this issue.
- Target version set to 2.4.0
Thanks Kacper. Looks reasonable, outside the one line I left a comment on where a recent change was reverted, but something that should bake in snapshots longer than we'll have time for 2.3.2.
I fixed the lines that reverted the recent changes. My bad for committing things that really aren't part of the patch. I've force pushed my changes so they should be immediately visible in the pull request.
- Status changed from Confirmed to Feedback
Thanks, merged to master for 2.4.
- Status changed from Feedback to Resolved
- Target version changed from 2.4.0 to 2.3.3
Also available in: Atom