Project

General

Profile

Bug #9178

openvpn.auth-user.php: calling_station_id was removed

Added by Kacper Boström 6 days ago. Updated 1 day ago.

Status:
Feedback
Priority:
Normal
Assignee:
-
Category:
Captive Portal
Target version:
Start date:
12/07/2018
Due date:
% Done:

0%

Estimated time:
Affected Version:
2.4.4_1
Affected Architecture:

Description

Hello,

In commit f15fdef37ff7c1fcaecc73f2927ba1d7775032b0 the attribute calling_station_id was removed from openvpn.auth-user.php. We use this attribute to distinguish different openVPN connections in our Windows radius server (sadly NPS does not support "NAS Port" as an attribute to validate against).

Pull request with patch will follow.

History

#1 Updated by A FL 4 days ago

As mentionned on on the github PR, the best would be that calling_station_id contains the MAC address linked to the interface used by OpenVPN, and not the IP of WAN...in order to comply with rfc3580.

But i don't see any easy way to get the interface used by openvpn tap/tun right now, so the applied patch seems fine to me.

#2 Updated by Jim Pingle 2 days ago

  • Category set to Captive Portal
  • Status changed from New to Feedback
  • Priority changed from Very High to Normal
  • Target version set to 2.4.5

PR is at https://github.com/pfsense/pfsense/pull/4020 and has been merged

RFC3580 is for 802.1x, not OpenVPN or RADIUS in general. There is no need to follow it for other purposes. As long as the RADIUS server understands what it is being sent, it's fine.

#3 Updated by Jim Pingle 1 day ago

  • Target version changed from 2.4.5 to 2.4.4_2

#4 Updated by Jim Pingle 1 day ago

Fix also picked back to RELENG_2_4_4

Also available in: Atom PDF