Re: [Radiusplugin-users] Framed-IP-Address problem

[Ralf Lübben]

Hi,

which is the IP address (10.8.0.2 or 10.8.0.209) of the tun interface of the 
client? 

Which address is configured by your script? I gues 10.8.0.209 .

Does your RADIUS server set a Framed-IP option? (If not, there is no conflict.)

The address of the interface should be the address the plugin returns to the 
server ((see RFC2866, chapter 4.1 for more information)).

The code snippet is not repeated in CLIENT_DISCONNECT because in 
CLIENT_CONNECT the internal database of the plugin is updated.

Also I assume the "ifconfig_pool_remote_ip" should not change between 
CLIENT_CONNECT and CLIENT_DISCONNECT, maybe this is wrong .

What entries are in your client config file?
Does any value of the ENVP list contains the correct IP? 

It is strange that "ifconfig_pool_remote_ip" changes.


Am Dienstag, 14. Juni 2011, um 20:18:41 schrieb Stuart Stevenson:
> Not quite sure what you mean by this.
> 
> What I would like to happen is for the accounting update packets, or the
> accounting stop packets to contain the correct Framed-IP-Address.
> 
> On a CLIENT_CONNECT, the ENVP output shows:
> 
>       Tue Jun 14 19:01:45 2011 us=737790 bob/192.168.10.8:49121 ENVP[3] =
> 'ifconfig_pool_remote_ip=10.8.0.2'
> 
> Which is actually incorrect, but from what you are saying, this is a
> conflict between my client-connect script and the client configs file the
> radius plugin creates?
> 
> However, on a CLIENT_DISCONNECT, ENVP shows the correct
> ifconfig_pool_remote_ip, which I would like to be entered into my database.
> But the problem I have is that the radius plugin must still be sending the
> old ifconfig_pool_remote_ip from the initial CLIENT_CONNECT.
> 
>       Tue Jun 14 19:02:10 2011 us=362334 ENVP[6] =
> 'ifconfig_pool_remote_ip=10.8.0.209'
> 
> I assume this is because of radiusplugin.cpp, Line 465:
> 
>       if (get_env ( "ifconfig_pool_remote_ip", envp ) !=NULL)
>       {
>               newuser->setFramedIp ( string ( get_env (
> "ifconfig_pool_remote_ip", envp ) ) );
>       }
> 
> The setFramedIp method is never called again during the CLIENT_DISCONNECT
> stage, so I assume this is why the Framed-IP-Address that is updated in to
> my database is incorrect? I haven't tested this myself yet, but I would
> hazard a guess that the addition of the above code snippet into
> radiusplugin.cpp above Line 563 would solve this for me?
> 
> Thanks,
> Stuart.
> 
> -----Original Message-----
> From: Ralf Lübben [mailto:address@hidden
> Sent: 14 June 2011 18:00
> To: address@hidden
> Cc: Stuart Stevenson
> Subject: Re: [Radiusplugin-users] Framed-IP-Address problem
> 
> Hi,
> 
> the plugin just writes the Framed-IP address to the client config file
> (maybe as your client config script does) if it gets one from the radius
> server.
> 
> One option could be not to send to the Framed IP option another option
> could be to do the address selection at the radius.
> 
> Overall, I think the behavior of a script and a plugin a very similar.
> 
> If you have further question please let me know.
> 
> Ralf
> 
> Am Dienstag, 14. Juni 2011, um 18:38:35 schrieb Stuart Stevenson:
> > Hi,
> > 
> > 
> > 
> > I'm trying to get the correct Framed-IP-Address stored into the
> > database, but it won't update with the new value.
> > 
> > 
> > 
> > First, I connect to OpenVPN, and by default, it tries to assign an IP
> > from the range 10.8.0.0/24 (hence the 10.8.0.2) the RADIUS-PLUGIN sees
> 
> below:
> > Tue Jun 14 17:23:09 2011 RADIUS-PLUGIN: FOREGROUND:
> > OPENVPN_PLUGIN_CLIENT_CONNECT is called.
> > 
> > Tue Jun 14 17:23:09 2011 RADIUS-PLUGIN: FOREGROUND: Key:
> > 192.168.10.8:47386.
> > 
> > Tue Jun 14 17:23:09 2011 RADIUS-PLUGIN: FOREGROUND: Set FramedIP to
> > the IP
> > (10.8.0.2) OpenVPN assigned to the user bob
> > 
> > 
> > 
> > However, I have a client-connect script which pulls a random IP from
> > the
> > 10.8.0.0/24 range and puts the random Framed-IP-Address into this
> > dynamic config file. As can be seen below, OpenVPN recognises this and
> > updates according (including in the status file):
> > 
> > 
> > 
> > Tue Jun 14 17:23:09 2011 us=553408 bob/192.168.10.8:47386 OPTIONS IMPORT:
> > reading client specific options from:
> > /tmp/openvpn/ifconfig/openvpn_cc_3745795b4223cfddef61f0260b52ec84.tmp
> > 
> > Tue Jun 14 17:23:09 2011 us=742109 bob/192.168.10.8:47386 OPTIONS IMPORT:
> > reading client specific options from:
> > /tmp/openvpn/ifconfig/openvpn_cc_eb3789928b91000666b54c31ecbcc26b.tmp
> > 
> > Tue Jun 14 17:23:09 2011 us=742409 bob/192.168.10.8:47386 MULTI: Learn:
> > 10.8.0.211 -> bob/192.168.10.8:47386
> > 
> > Tue Jun 14 17:23:09 2011 us=742449 bob/192.168.10.8:47386 MULTI:
> > primary virtual IP for bob/192.168.10.8:47386: 10.8.0.211
> > 
> > 
> > 
> > My problem is that the RADIUS-PLUGIN does not pick up on the fact that
> > there is an updated Framed-IP-Address, and still updates the database
> > with the old Framed-IP-Address. Even with accounting updates like
> > below, (not knowing C/C++ well enough to make sense of the source
> > code), I would assume that when the plugin reads the status file, it
> > would update any new information, including the updated
> > Framed-IP-Address, but it still updated the database with 10.8.0.2.
> > 
> > 
> > 
> > Tue Jun 14 17:27:09 2011 RADIUS-PLUGIN: BACKGROUND ACCT: Scheduler:
> > Read Statusfile.
> > 
> > Tue Jun 14 17:27:09 2011 RADIUS-PLUGIN: BACKGROUND-ACCT: Get
> > ACCOUNTING_RESPONSE-Packet.
> > 
> > Tue Jun 14 17:27:09 2011 RADIUS-PLUGIN: BACKGROUND-ACCT: Scheduler:
> > Update packet for User bob was send.
> > 
> > 
> > 
> > Perhaps I am just doing something wrong, or maybe the plugin just
> > isn't written to pull and update the Framed-IP-Address from the status
> > file on every accounting update?
> > 
> > 
> > 
> > Regards,
> > 
> > Stuart.