Feature #9206
OpenVPN+RADIUS+Cisco AVPair ACL Enhancements/BugFixes
Status: closed
Start date: 12/17/2018
% Done: 100%
Description
Hello,
I've fixed a race condition where disconnecting and reconnecting a session when using AVPair ACLs would result in no rules being inserted.
Additionally I have added the following:
- Updated the ACL parser to support IP and ICMP protocol options
- Updated the ACL parser to support port operators.
- Added a template variable "{clientip}" that is replaced with the connecting client's VPN IP.
Updated by Shawn Bruce almost 6 years ago
Updated by Jim Pingle about 5 years ago
- Status changed from New to Pull Request Review
Updated by Renato Botelho over 4 years ago
- Status changed from Pull Request Review to Feedback
- Assignee set to Renato Botelho
- % Done changed from 0 to 100
PR has been merged. Thanks!
Updated by Viktor Gurov over 4 years ago
- Status changed from Feedback to Resolved
works as expected on 2.5.0.a.20200414.0021

test radius attributes:

Cisco-AVPair = "ip:outacl#1=permit udp host 4.4.4.4 host 7.7.7.7 range 3110 5000",
Cisco-AVPair += "ip:outacl#2=permit tcp any host 7.7.7.7 gt 333",
Cisco-AVPair += "ip:inacl#1=permit udp host 3.3.3.3 host 7.7.7.7 lt 566",
Cisco-AVPair += "ip:inacl#2=permit udp host 3.3.3.3 host 7.7.7.7 neq 899",
Cisco-AVPair += "ip:inacl#3=permit tcp host 2.2.2.2 host 5.5.5.5 eq 999"

# pfctl -a openvpn/ovpns1_testuser1_1194 -s rules
pass in quick on ovpns1 inet proto udp from 3.3.3.3 to 7.7.7.7 port < 566 no state
pass in quick on ovpns1 inet proto udp from 3.3.3.3 to 7.7.7.7 port != 899 no state
pass out quick on ovpns1 inet proto udp from 4.4.4.4 to 7.7.7.7 port 3109 >< 5001 no state
pass out quick on ovpns1 inet proto tcp from any to 7.7.7.7 port > 333 no state
pass in quick on ovpns1 inet proto tcp from 2.2.2.2 to 5.5.5.5 port = garcon no state
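The operator mapping visible in the test above (Cisco `eq`/`neq`/`lt`/`gt`/`range` to pf `=`/`!=`/`<`/`>`/`><`), written out as an added Python example; this is not pfSense's parser and not code from this issue. The function names, the deny-to-block mapping, the handling of `ip`, and the restriction to `any`/`host` addresses are assumptions made for the example.

```python
import ipaddress
import re

# Cisco port operator -> pf operator, as seen in the pfctl output above.
PORT_OPS = {"eq": "=", "neq": "!=", "lt": "<", "gt": ">"}
AVPAIR = re.compile(r"^ip:(in|out)acl#\d+=(permit|deny) (tcp|udp|icmp|ip) (.+)$")

def _port(value):
    port = int(value)  # ValueError on anything that is not a plain number
    if not 0 < port < 65536:
        raise ValueError(f"port out of range: {value}")
    return port

def _endpoint(tokens, clientip):
    """Consume 'any' or 'host ADDR' (ADDR may be {clientip}) plus a port test."""
    word = tokens.pop(0)
    if word == "host":
        word = tokens.pop(0).replace("{clientip}", clientip)
        word = str(ipaddress.IPv4Address(word))  # only a literal IPv4 passes
    elif word != "any":
        raise ValueError(f"unsupported address: {word}")
    if tokens and tokens[0] == "range":
        lo, hi = _port(tokens[1]), _port(tokens[2])
        del tokens[:3]
        # Cisco 'range' is inclusive; pf '><' is exclusive, so widen by one.
        return f"{word} port {lo - 1} >< {hi + 1}"
    if tokens and tokens[0] in PORT_OPS:
        op, port = PORT_OPS[tokens[0]], _port(tokens[1])
        del tokens[:2]
        return f"{word} port {op} {port}"
    return word

def avpair_to_pf(avpair, iface, clientip):
    """Translate one Cisco-AVPair ACL string into one pf rule string."""
    m = AVPAIR.match(avpair)
    if not m:
        raise ValueError(f"unrecognised AVPair: {avpair!r}")
    direction, action, proto, rest = m.groups()
    tokens = rest.split()
    try:
        src, dst = _endpoint(tokens, clientip), _endpoint(tokens, clientip)
    except IndexError:
        raise ValueError("truncated ACL") from None
    if tokens:  # nothing from RADIUS reaches the rule unparsed
        raise ValueError(f"trailing tokens: {tokens}")
    verb = "pass" if action == "permit" else "block"  # assumption for 'deny'
    proto_part = "" if proto == "ip" else f" proto {proto}"  # assumption for 'ip'
    return (f"{verb} {direction} quick on {iface} inet{proto_part} "
            f"from {src} to {dst} no state")
```

For `eq 999` this returns `port = 999`, where the `pfctl` listing above shows the same port by its service name, `garcon`.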