|
|
On Fri, Mar 31, 2006 at 10:07:22PM +0100, Jan Mulders wrote:
> I'm looking to assign a linear range (ie, 192.168.0.2, 192.168.0.3.. and so on)
> of IP addresses to the clients connecting to an OpenVPN daemon, in a routed
> configuration.
>
> I understand that I need to reserve several IP addresses per user, to ensure
> compatibility with Windows. Is there any way of avoiding this? I am creating a
> virtual ISP setup, handing out public IPs to vpn clients, and assigning them
> that address both internally and externally.
You want to use the latest version of the OpenVPN software for Windows (the
beta). Look into topology subnet.
> In addition, I am looking at the possibility of integrating OpenVPN with a
> RADIUS server, for user authentication, IP assignment and accounting. I have
> found a couple examples for auth and IPs, but nothing for accounting. I'd like
> to account bytes transferred, rather than connection time (seeing as that's how
> they're billed). Is there an 'easy way' of doing this from OpenVPN, or will I
> need to use a script monitoring IPTables totals every x seconds, and tells
> RADIUS itself?
Using the Radius plugin mentioned on the list has worked great for us.
Here's an excerpt from my radiusplugin.cnf file:
NAS-Identifier=langw
Service-Type=5
Framed-Protocol=1
NAS-Port-Type=5
NAS-IP-Address=<openvpnserver_ip>
ccdPath=/etc/openvpn/ccd/
statusFile=/var/log/openvpn/status.log
server
{
acctport=1813
authport=1812
name=<radiusserver_ip>
retry=1
wait=1
sharedsecret=<secret>
}
This does both accounting and authentication.
Ray
____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
|