Project

General

Profile

Actions

Bug #9178

closed

openvpn.auth-user.php: calling_station_id was removed

Added by Kacper Boström about 6 years ago. Updated almost 6 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
Captive Portal
Target version:
Start date:
12/07/2018
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.4.4_1
Affected Architecture:

Description

Hello,

In commit f15fdef37ff7c1fcaecc73f2927ba1d7775032b0 the attribute calling_station_id was removed from openvpn.auth-user.php. We use this attribute to distinguish different openVPN connections in our Windows radius server (sadly NPS does not support "NAS Port" as an attribute to validate against).

Pull request with patch will follow.

Actions #1

Updated by A FL about 6 years ago

As mentionned on on the github PR, the best would be that calling_station_id contains the MAC address linked to the interface used by OpenVPN, and not the IP of WAN...in order to comply with rfc3580.

But i don't see any easy way to get the interface used by openvpn tap/tun right now, so the applied patch seems fine to me.

Actions #2

Updated by Jim Pingle about 6 years ago

  • Category set to Captive Portal
  • Status changed from New to Feedback
  • Priority changed from Very High to Normal
  • Target version set to 48

PR is at https://github.com/pfsense/pfsense/pull/4020 and has been merged

RFC3580 is for 802.1x, not OpenVPN or RADIUS in general. There is no need to follow it for other purposes. As long as the RADIUS server understands what it is being sent, it's fine.

Actions #3

Updated by Jim Pingle about 6 years ago

  • Target version changed from 48 to 2.4.4-p2
Actions #4

Updated by Jim Pingle about 6 years ago

Fix also picked back to RELENG_2_4_4

Actions #5

Updated by Steve Wheeler almost 6 years ago

  • Status changed from Feedback to Resolved

Tested:
2.4.4-RELEASE-p2 (arm64)
built on Wed Dec 12 06:32:09 EST 2018
FreeBSD 11.2-RELEASE-p6

Calling station ID attribute is sent as expected, interface_address:port

      Calling-Station-Id Attribute (31), length: 20, Value: 172.21.16.115:1194
        0x0000:  3137 322e 3231 2e31 362e 3131 353a 3131
        0x0010:  3934
Actions

Also available in: Atom PDF