Bug #9178
closed
openvpn.auth-user.php: calling_station_id was removed
Description
Hello,
In commit f15fdef37ff7c1fcaecc73f2927ba1d7775032b0 the attribute calling_station_id was removed from openvpn.auth-user.php. We use this attribute to distinguish different OpenVPN connections in our Windows RADIUS server (sadly NPS does not support "NAS Port" as an attribute to validate against).
Pull request with patch will follow.
Updated by A FL almost 6 years ago
As mentioned on the GitHub PR, the best would be that calling_station_id contains the MAC address linked to the interface used by OpenVPN, and not the IP of WAN... in order to comply with RFC3580.
But I don't see any easy way to get the interface used by OpenVPN tap/tun right now, so the applied patch seems fine to me.
Updated by Jim Pingle almost 6 years ago
- Category set to Captive Portal
- Status changed from New to Feedback
- Priority changed from Very High to Normal
- Target version set to 48
PR is at https://github.com/pfsense/pfsense/pull/4020 and has been merged
RFC3580 is for 802.1x, not OpenVPN or RADIUS in general. There is no need to follow it for other purposes. As long as the RADIUS server understands what it is being sent, it's fine.
Updated by Jim Pingle almost 6 years ago
- Target version changed from 48 to 2.4.4-p2
Updated by Steve Wheeler almost 6 years ago
- Status changed from Feedback to Resolved
Tested:
2.4.4-RELEASE-p2 (arm64)
built on Wed Dec 12 06:32:09 EST 2018
FreeBSD 11.2-RELEASE-p6
Calling station ID attribute is sent as expected, interface_address:port
Calling-Station-Id Attribute (31), length: 20, Value: 172.21.16.115:1194
  0x0000: 3137 322e 3231 2e31 362e 3131 353a 3131
  0x0010: 3934
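
The attribute in the capture above can be decoded and checked on the receiving side. The following is an added example, not code from this ticket or from pfSense: the helper names are hypothetical, the value bytes are copied from the hex dump, and the NAS-Port attribute in the demo block is constructed.

```python
import ipaddress

CALLING_STATION_ID = 31  # attribute type, as labelled in the capture

# Value bytes copied from the hex dump in the test report.
DUMP_VALUE = bytes.fromhex("3137 322e 3231 2e31 362e 3131 353a 3131 3934")


def parse_attributes(buf):
    """Split a RADIUS attribute block into (type, value) pairs.

    Each attribute is a 1-byte type, a 1-byte length that counts the
    two header bytes, then the value.
    """
    attrs, off = [], 0
    while off < len(buf):
        if len(buf) - off < 2:
            raise ValueError("truncated attribute header")
        atype, alen = buf[off], buf[off + 1]
        if alen < 2 or off + alen > len(buf):
            raise ValueError(f"bad length {alen} for attribute {atype}")
        attrs.append((atype, buf[off + 2:off + alen]))
        off += alen
    return attrs


def split_calling_station(value):
    """Parse the interface_address:port form reported in this ticket."""
    host, sep, port = value.decode("ascii").rpartition(":")
    if not sep or not port.isdigit() or not 0 < int(port) < 65536:
        raise ValueError("expected address:port")
    return ipaddress.ip_address(host), int(port)


def encode_attribute(atype, value):
    """Build one attribute; used here only to assemble the sample block."""
    return bytes([atype, len(value) + 2]) + value


if __name__ == "__main__":
    # Constructed block: the ticket's attribute plus a made-up NAS-Port (5).
    block = (encode_attribute(CALLING_STATION_ID, DUMP_VALUE)
             + encode_attribute(5, b"\x00\x00\x04\xaa"))
    for atype, value in parse_attributes(block):
        if atype == CALLING_STATION_ID:
            print(len(value) + 2, *split_calling_station(value))
```

The 18 value bytes plus the 2-byte header give the length of 20 shown in the capture.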