RADIUS Accounting for OpenVPN #3694
Comments
|
A good starting point could be to check how the other connector you found (https://github.com/brainly/openvpn-auth-radius) handles accounting, there workflow probably is different than ours, but maybe we can collect some ideas from it. Our generic authentication system is explained in detail here https://docs.opnsense.org/development/components/authentication.html, we do offer accounting for captive portal, which you can find here https://github.com/opnsense/core/blob/master/src/opnsense/scripts/OPNsense/CaptivePortal/process_accounting_messages.php Since there are more authentication options possible per server, there might be a small challenge in finding out where to send the messages, but maybe you should start simple and try to send accounting messages to all supported authentication servers using data received from openvpn. Best regards, Ad ref :https://forum.opnsense.org/index.php?topic=14073.msg64734 |
|
This issue has been automatically timed-out (after 180 days of inactivity). For more information about the policies for this repository, If someone wants to step up and work on this issue, |
Guidelines
[x] I have read the contributing guide lines at https://github.com/opnsense/core/blob/master/CONTRIBUTING.md
[x] I have searched the existing issues and I'm convinced that mine is new.
tl;dr
I‘d like OpenVPN to support RADIUS accounting.
Use case
I want to do authentication/authorization for OpenVPN in the following manner:
This approach works fine so far, the only problem is that the ip pool must operate blindly. Without support for accounting RADIUS will never know when an IP gets released what can then lead to IP collisions.
I‘m happy to contribute myself, but would need some advice on how it would best fit into the current architecture.
The text was updated successfully, but these errors were encountered: