openvpn.auth-user.php: calling_station_id was removed
In commit f15fdef37ff7c1fcaecc73f2927ba1d7775032b0 the attribute calling_station_id was removed from openvpn.auth-user.php. We use this attribute to distinguish different openVPN connections in our Windows radius server (sadly NPS does not support "NAS Port" as an attribute to validate against).
Pull request with patch will follow.
As mentionned on on the github PR, the best would be that calling_station_id contains the MAC address linked to the interface used by OpenVPN, and not the IP of WAN...in order to comply with rfc3580.
But i don't see any easy way to get the interface used by openvpn tap/tun right now, so the applied patch seems fine to me.
#2 Updated by Jim Pingle 2 days ago
- Category set to Captive Portal
- Status changed from New to Feedback
- Priority changed from Very High to Normal
- Target version set to 2.4.5
PR is at https://github.com/pfsense/pfsense/pull/4020 and has been merged
RFC3580 is for 802.1x, not OpenVPN or RADIUS in general. There is no need to follow it for other purposes. As long as the RADIUS server understands what it is being sent, it's fine.