> Thibault Le Meur wrote:
> > I've patched the radiusplugin to add Framed-IP-Address to 
> the re-auth 
> > request but rlm_ippool still allocates a new IP Address 
> (I'm using FR 
> > 1.1.4).
>   Ok.  It seems like rlm_ippool should be updated to look for 
> Framed-IP-Address in the request.
>   That would be very useful, and would solve the problem 
> you're seeing.
>   Alan DeKok.

For those interested in an interim solution, here is a workaround:

1- make sure your NAS sends a Framed-IP-Address attribute in the
Access-Request when a re-authentication is performed (that is to say for
openvpn, use a patched version of radiusplugin)

2- Setup 2 Post-Auth-Types in the post-auth section:

        Post-Auth-Type postauth.ovpn {

        Post-Auth-Type postauth.ovpn.reauth {

3- in the users file (for instance) dispatch incomming Access-Requests based
on the presence of the Framed-IP-Address attribute:

DEFAULT Framed-IP-Address !* Any, Huntgroup-Name == srvs-vpn-ovpn,
Post-Auth-type := postauth.ovpn
        Fall-Through = no

DEFAULT Framed-IP-Address =* Any, Huntgroup-Name == srvs-vpn-ovpn,
Post-Auth-type := postauth.ovpn.reauth
        Fall-Through = no

Thanks Alan for your help,


List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to