radiusplugin-users

Re: [Radiusplugin-users] push "route x.x.x.x 255.255.255.0" with radiusp


From: Ralf Lübben
Subject: Re: [Radiusplugin-users] push "route x.x.x.x 255.255.255.0" with radiusplugin
Date: Tue, 08 May 2012 14:31:59 +0200
User-agent: KMail/4.8.2 (Linux/3.2.0-23-generic-pae; KDE/4.8.2; i686; ; )

Hi,

you are right, for client-side routes FramedRoutes is the wrong attribute.

So far, I'm not aware of any attributes to configure routes on the client (if 
any is available let me know).

But you can do that with Vendor specific attributes. 

To my knowledge you must first create a dictionary on the radius server,

see http://freeradius.org/radiusd/man/dictionary.html, e.g. the vendor number 
for OpenVPN is 27340 (http://www.iana.org/assignments/enterprise-numbers), but 
I think you can use any.

If the attributes are received by the plugin they will be forwarded to the vsa 
script, which must be configured in the configuration file.

A simple example is added in the archive of the plugin. Then it is up to the 
script to handle the attribute. In your case it should write the attribute to 
the client config file.

Let me know if you have further questions. Also if you have a solution, it 
would be great to forward it to the mailing list.

Regards
Ralf
 
On Tuesday, 8 May 2012, 14:03:09, Tobias Hachmer wrote:
> On 08.05.2012 07:07, Ralf Lübben wrote:
> > yes this is possible.
> > 
> > Use the FramedRoute-Attribute at the Radius server, e.g.
> > 
> > user1  Cleartext-Password := "testing"
> > 
> >        Service-Type = Framed-User,
> >        Framed-IP-Netmask = 255.255.255.0,
> >        Framed-IP-Address = 10.8.0.33,
> >        Framed-Routing = Broadcast-Listen,
> >        Framed-Compression = Van-Jacobsen-TCP-IP,
> >        Framed-Route += "192.168.101.0/26 10.8.0.1/32 1",
> >        Framed-Route += "192.168.111.0/24 10.8.0.1/32 1",
> >        Framed-Route += "192.168.112.0/24 10.8.0.1/32 1",
> >        Acct-Interim-Interval=5,
> >        Ascend-Data-Rate=100,
> >        Ascend-Xmit-Rate=200,
> >        Framed-Protocol = PPP
> 
> Oh, that's not what I want. I have this with Framed-Route currently
> configured. But those are the networks residing on client side.
> I want to push individual routes to the client which the client has to
> put into its local routing table to route these networks through the
> vpn.
> 
> On openvpn server I have in server config the following configured:
> 
> push "route 192.168.99.0 255.255.255.0"
> push "route 192.168.100.0 255.255.255.0"
> push "route 192.168.101.0 255.255.255.0"
> push "route 192.168.200.0 255.255.255.0"
> push "route 192.168.254.252 255.255.255.252"
> 
> But these routes will be applied for all clients. What I want is to
> push to clienta only a set of these routes and to clientb a different
> subset.
> For my understanding this is predestined to do this via radius for
> central management.
> 
> Is there anywhere a list of all radius attributes openvpn will process/
> understand?
> 
> If this isn't supported OOTB, is this possible with vsa script? How
> does this work, where can I tell openvpn to interpret a vsa the way I want
> to?
> 
> Regards,
> Tobias Hachmer
> 
> _______________________________________________
> Radiusplugin-users mailing list
> address@hidden
> https://lists.nongnu.org/mailman/listinfo/radiusplugin-users
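
The last step described in the reply above (the script writes the received routes to the client config file), as an added example that is not the script shipped with the plugin. It assumes the file is a per-client file in OpenVPN's client-config-dir, that each attribute value has the hypothetical form "NETWORK NETMASK", and that the VSA script has already extracted the values; `SAFE_CN`, `route_line`, `render_ccd` and `write_ccd` are names made up for this example.

```python
import ipaddress
import os
import re
import tempfile

# Assumption: common names use only these characters. Slashes, a leading dot
# and whitespace are rejected so the name cannot point outside ccd_dir.
SAFE_CN = re.compile(r"[A-Za-z0-9_-][A-Za-z0-9_.@-]{0,63}")


def route_line(value):
    """Turn one attribute value 'NETWORK NETMASK' into an OpenVPN push line."""
    parts = value.split()
    if len(parts) != 2:
        raise ValueError(f"expected 'network netmask', got {value!r}")
    # Raises ValueError on a bad address, a bad mask, or host bits set.
    net = ipaddress.IPv4Network(f"{parts[0]}/{parts[1]}", strict=True)
    # The line is rebuilt from parsed values; raw attribute text is never copied.
    return f'push "route {net.network_address} {net.netmask}"'


def render_ccd(routes):
    """Render the whole per-client file; one bad route rejects all of it."""
    return "".join(route_line(r) + "\n" for r in routes)


def write_ccd(ccd_dir, common_name, routes):
    """Validate, then atomically replace <ccd_dir>/<common_name>."""
    if not SAFE_CN.fullmatch(common_name):
        raise ValueError(f"unsafe common name: {common_name!r}")
    body = render_ccd(routes)  # validate before any file is created
    # mkstemp creates the file with mode 0600; widen it if OpenVPN reads the
    # directory as a different user.
    fd, tmp = tempfile.mkstemp(dir=ccd_dir, prefix=".tmp-")
    with os.fdopen(fd, "w") as fh:
        fh.write(body)
    path = os.path.join(ccd_dir, common_name)
    os.replace(tmp, path)
    return path


if __name__ == "__main__":
    # Constructed sample: two of the routes from the thread, for "clienta".
    with tempfile.TemporaryDirectory() as ccd:
        p = write_ccd(ccd, "clienta", ["192.168.99.0 255.255.255.0",
                                       "192.168.254.252 255.255.255.252"])
        print(open(p).read(), end="")
```

Values arriving from the RADIUS server are treated as untrusted: a value carrying extra tokens, quotes or a malformed mask raises `ValueError` and the existing file is left unchanged.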


