Hi,

Thibault Le Meur wrote:
> > Hi,
> >
> > I'm looking for a replacement of a strongswan/l2tp roadwarrior vpn
> > solution and am thinking about having PPTP (or l2tp) over openVPN.
> >
> > I've noticed equivalent questions in the past but without true return
> > of experience.
> >
> > I need to keep my old solution features (rsa host authentication +
> > password-based user authentication + radius server accounting and IP
> > pool management + iptables rules). Here is what I imagine:
> > * get an ssl tunnel with mutual authentication of the server and the
> > client host (asymmetric crypto authentication)
> > * then run a PPP-over-ip-like protocol (pptp or l2tp) to authenticate
> > the end user against a radius server (password based authentication)

Maybe you could use the --auth-user-pass-verify with a script to perform authentication against the radius server, couldn't you? There's an example of such a script, shipped with OpenVPN, which performs PAM authentication; maybe another can deal with radius.

> > * the radius server will assign an IP address from a pool
> > corresponding to the user profile (several profiles defined) and
> > record accounting data

Since the SSL tunnel is active, OpenVPN already assigned an IP address to the client. Do you really need the radius server to do the job?

> > * the vpn server will then enforce different iptables rules to these
> > pre-defined IP addresses pools
> >
> > Is it possible? Is anyone successfully using such a solution?
> > Is there any good doc on such a setup?
> >
> > Thanks in advance to guide me through my first steps toward a working
> > openVPN test platform.
> >
> > Thibault

______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users
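
The `--auth-user-pass-verify` approach suggested in the reply, as an added example that is not part of the original message and is not the script shipped with OpenVPN: a `via-file` verify script that sends a RADIUS PAP Access-Request (RFC 2865) and fails closed on any error. The server address, the shared secret and all function names are assumptions made for illustration.

```python
import hashlib, hmac, os, socket, sys

RADIUS_SERVER = ("127.0.0.1", 1812)    # assumed placeholder, not from the thread
SHARED_SECRET = b"constructed-secret"  # assumed placeholder, not from the thread

def read_credentials(path):
    # via-file: OpenVPN writes the username on line 1 and the password on line 2.
    with open(path, encoding="utf-8") as fh:
        user, password = fh.read().split("\n")[:2]
    if not user or not password:
        raise ValueError("empty username or password")
    return user, password

def hide_password(password, secret, authenticator):
    # RFC 2865 section 5.2: XOR 16-byte blocks with a chained MD5 keystream.
    data = password.encode()
    data += b"\x00" * (-len(data) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(data[i:i + 16], key))
        out += prev
    return out

def build_access_request(user, password, secret, ident, authenticator):
    # Code 1 (Access-Request) carrying User-Name (type 1) and User-Password (type 2).
    name = user.encode()
    hidden = hide_password(password, secret, authenticator)
    attrs = bytes([1, len(name) + 2]) + name + bytes([2, len(hidden) + 2]) + hidden
    return bytes([1, ident]) + (20 + len(attrs)).to_bytes(2, "big") + authenticator + attrs

def reply_is_accept(reply, secret, ident, authenticator):
    # Accept only code 2 (Access-Accept) with our id, a sane length and a valid
    # Response Authenticator, so a spoofed UDP reply cannot grant access.
    header_ok = len(reply) >= 20 and reply[:2] == bytes([2, ident]) and int.from_bytes(reply[2:4], "big") == len(reply)
    expected = hashlib.md5(reply[:4] + authenticator + reply[20:] + secret).digest()
    return header_ok and hmac.compare_digest(expected, reply[4:20])

def main(argv):
    try:
        user, password = read_credentials(argv[1])
        ident, auth = os.urandom(1)[0], os.urandom(16)
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
            sock.settimeout(5)
            sock.sendto(build_access_request(user, password, SHARED_SECRET, ident, auth), RADIUS_SERVER)
            return 0 if reply_is_accept(sock.recv(4096), SHARED_SECRET, ident, auth) else 1
    except Exception:
        return 1  # fail closed: timeout, malformed file or oversized field rejects the login

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

OpenVPN treats exit status 0 as a successful login and any other status as a failure, and passes the temporary credential file as the script's argument when the method is `via-file`.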