Package: openvpn-auth-radius
Version: 2.1-6+b1
Severity: normal
Dear maintainers,
When using several openvpn instances on the same subnet, tcp and udp for
example, we noticed routes specified by Framed-Route radius attribute
were not correctly inserted. As the create-route string doesn't specify the
output device, the routes are always inserted with the first device
matching the Framed-IP-Address (which is always the first launched
openvpn instance in our case).
Here is a patch proposal. It adds the openvpn instance device (given in
the environment) to the create/delete route string.
Kind regards,
--
Olivier Le Brouster
Subject: add output device to create/delete route string
When several openvpn instances are running on the same subnet, for example tcp
and udp, routes need to be inserted with a specific output device depending on
which instance the user is connecting to (given by openvpn in the "dev"
environment variable).
--- a/AccountingProcess.cpp
+++ b/AccountingProcess.cpp
@@ -92,6 +92,7 @@
//get the information from the
foreground process
user->setUsername(context->acctsocketforegr.recvStr());
+
user->setDevice(context->acctsocketforegr.recvStr());
user->setSessionId(context->acctsocketforegr.recvStr()) ;
user->setPortnumber(context->acctsocketforegr.recvInt());
user->setCallingStationId(context->acctsocketforegr.recvStr());
@@ -104,7 +105,7 @@
user->setUntrustedPort(context->acctsocketforegr.recvStr());
context->acctsocketforegr.recvBuf(user);
if (DEBUG (context->getVerbosity()))
- cerr << getTime() << "RADIUS-PLUGIN:
BACKGROUND ACCT: New user acct: username: " << user->getUsername() << ",
interval: " << user->getAcctInterimInterval() << ", calling station: " <<
user->getCallingStationId() << ", commonname: " << user->getCommonname() << ",
framed ip: " << user->getFramedIp() <<".\n";
+ cerr << getTime() <<
"RADIUS-PLUGIN: BACKGROUND ACCT: New user acct: username: " <<
user->getUsername() << ", dev: " << user->getDevice() << ", interval: " <<
user->getAcctInterimInterval() << ", calling station: " <<
user->getCallingStationId() << ", commonname: " << user->getCommonname() << ",
framed ip: " << user->getFramedIp() <<".\n";
//set the starttime
--- a/radiusplugin.cpp
+++ b/radiusplugin.cpp
@@ -558,6 +558,15 @@
}
if ( DEBUG ( context->getVerbosity() ) )
cerr << getTime() << "RADIUS-PLUGIN:
FOREGROUND: Set FramedIP to the IP (" << newuser->getFramedIp() << ") OpenVPN
assigned to the user " << newuser->getUsername() << "\n";
+ //set the device of the user
+ if(get_env ( "dev", envp ) !=NULL)
+ {
+ newuser->setDevice( string ( get_env (
"dev", envp ) ) );
+ }
+
+ if ( DEBUG ( context->getVerbosity() ) )
+ cerr << getTime() << "RADIUS-PLUGIN:
FOREGROUND: Set device (" << newuser->getDevice() << ") to the user " <<
newuser->getUsername() << "\n";
+
//the user must be there and must be
authenticated but not accounted
// isAccounted and isAuthenticated is true it
is client connect for renegotiation, the user is already in the accounting
process
if ( newuser!=NULL && newuser->isAccounted()
==false && newuser->isAuthenticated() )
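Review bot: The `dev` value read from the environment in the added block is stored without any check, and per the patch description it ends up in the create/delete route string, which the UserAcct.cpp hunk shows being assembled with `strncat`. It should be validated as an interface name before `setDevice` (non-empty, bounded length, only letters, digits and `_`, `-`, `.`), and the route code should omit the device clause when the value is empty, since with `dev` absent the `@@ -570,6 +579,7 @@` hunk presumably still sends an empty device to the background process. The lookup is also done twice; `const char *dev = get_env ( "dev", envp );` followed by `if ( dev != NULL ) newuser->setDevice ( dev );` reads it once. The added calls dereference `newuser` ahead of the `newuser!=NULL` test in the context below, as the existing FramedIP debug line already does; the enclosing function starts and ends outside the hunk.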
@@ -570,6 +579,7 @@
//send information to the background
process
context->acctsocketbackgr.send (
ADD_USER );
context->acctsocketbackgr.send (
newuser->getUsername() );
+ context->acctsocketbackgr.send (
newuser->getDevice() );
context->acctsocketbackgr.send (
newuser->getSessionId() );
context->acctsocketbackgr.send (
newuser->getPortnumber() );
context->acctsocketbackgr.send (
newuser->getCallingStationId() );
--- a/UserAcct.cpp
+++ b/UserAcct.cpp
@@ -705,6 +705,11 @@
strncat(routestring, " metric