Project

General

Profile

Bug #8087

Provide Calling-Station-ID to RADIUS backed VPN connections

Added by Sunrunner20 20 about 2 years ago. Updated 4 months ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
Authentication
Target version:
-
Start date:
11/13/2017
Due date:
% Done:

0%

Estimated time:
Affected Version:
All
Affected Architecture:

Description

I'm using Duo 2fa radius proxy to connect to the on board RADIUS server in PFsense and am not getting an IP or a username in the Duo Notifications. This is a much valued feature to validate that the request is coming from one of my machines (I'm not always there when secneg occurs). I do not know the RADIUS attribute for username.

History

#1 Updated by Jim Pingle 4 months ago

  • Category set to Authentication

Might not be possible to put the client address in there since I am not sure the auth system will see that from OpenVPN/IPsec, but it might be worth looking into.

There have been changes since this request was made, however. It does fill in the NAS-IP-Address (configurable in the auth server settings) and NAS-Identifier, which will show at least which firewall the request came through.

Also available in: Atom PDF