On Sat, 30 Apr 2005, Ralf [iso-8859-1] Lübben wrote: > Hello, > > thank you. That solves a lot of my problems. > > I have still one problem with accouting. > When a client connect, I get a ticket from the RADIUS-Server, there is given > an interval, in which I must send Alive-tickets to the RADIUS-Server with the > actual traffic and the time of the connection. > > Can I get the data from OpenVPN during the connection?
Right now, you can only get it by reading the --status file. For 2.1 I'm considering to add another script/callback for passing current accounting data. One of the goals of the plugin interface is to allow a fully-featured Radius plugin to be developed, as you are doing, so I would be happy to work with you on extending the plugin interface for 2.1 if you find that the current plugin API is insufficient. > Another question about the IP address and OPENVPN_PLUGIN_CLIENT_CONNECT. > Is there a possibility to give the IP address direct to the OpenVPN process > or > must I create the configuration files when a client connects? No, you have to write configuration file directives (containing the appropriate ifconfig-push directive) to the temporary file provided by the caller. This is so that we can maintain an identical interface for both script and plugin calls. James > Am Freitag, 29. April 2005 18:53 schrieb James Yonan: > > On Fri, 29 Apr 2005, Ralf [iso-8859-1] Lübben wrote: > > > Hello, > > > > > > I am interesting in build radius support for OpenVpn. > > > At the moment I'am thinking about what is the best way. > > > > > > 1. Authentification and Authroization: > > > I think this already works with the plugin pam_radius_auth.so, is that > > > right? > > > > Yes. > > > > > But I am interested in more features, > > > like to get the ip-address and the routes from the RADIUS-Server. > > > Can this be done with a plugin? Maybe by creating the configurationfiles > > > at the start of the connection? > > > Or could this be integrated in the Source Code? I think this would be the > > > best solution. > > > > You should be able to do this as a plugin. OpenVPN plugins can register a > > number of callbacks (see openvpn-plugin.h). > > > > You could use OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY to verify user/pass, > > OPENVPN_PLUGIN_CLIENT_CONNECT to pass IP address and routes, and > > OPENVPN_PLUGIN_CLIENT_DISCONNECT to process client disconnects. > > > > > I hope the fea > > > 2. Accounting: > > > I need to count the traffic of a VPN-connection, one the side every > > > traffic which goes from a client to the server (tun0-interface) and one > > > the other side every traffic which goes through the VPN, maybe from one > > > client to another client. > > > So when I use the counter of the tun-interface, I lose the traffic which > > > goes from one client to another. If I count the traffic of the > > > eth-interface I get other traffic, which has nothing to do with the vpn. > > > > The OPENVPN_PLUGIN_CLIENT_DISCONNECT callback (or script) can access > > client bandwidth info on the about-to-be-closed session by looking at the > > bytes_received and bytes_sent environmental variables. See the man page > > for more info. > > > > James > > > > > > > > ------------------------------------------------------- > > This SF.Net email is sponsored by: NEC IT Guy Games. > > Get your fingers limbered up and give it your best shot. 4 great events, 4 > > opportunities to win big! Highest score wins.NEC IT Guy Games. Play to > > win an NEC 61 plasma display. Visit http://www.necitguy.com/?r > > _______________________________________________ > > Openvpn-devel mailing list > > Openvpn-devel@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/openvpn-devel > > > ------------------------------------------------------- > This SF.Net email is sponsored by: NEC IT Guy Games. > Get your fingers limbered up and give it your best shot. 4 great events, 4 > opportunities to win big! Highest score wins.NEC IT Guy Games. Play to > win an NEC 61 plasma display. Visit http://www.necitguy.com/?r > _______________________________________________ > Openvpn-devel mailing list > Openvpn-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/openvpn-devel >
