Hi,

Thanks for the answer.

> > > I need to keep my old solution features (rsa host authentication +
> > > password-based user authentication + radius server accounting and IP
> > > pool management + iptables rules). Here is what I imagine:
> > > * get an ssl tunnel with mutual authentication of the server and the
> > >   client host (asymmetric crypto authentication)
> > > * then run a PPP-over-ip-like protocol (pptp or l2tp) to
> > >   authenticate the end user against a radius server (password based
> > >   authentication)

> Maybe you could use the --auth-user-pass-verify with a script
> to perform authentication against the radius server, couldn't
> you ?

I'm a kind of a newbie to openvpn for the moment, but it looks like I could do that for the authentication part.

> There's an example of such a script, shipped with
> OpenVpn, which performs pam authentication, maybe another can
> deal with radius.

I'll have a look at this, thanks.

> > > * the radius server will assign an IP address from a pool
> > >   corresponding to the user profile (several profiles defined) and
> > >   record accounting data

> Since the SSL tunnel is active, OpenVPN already assigned an
> IP address to the client. Do you really need the radius
> server to do the job ?

Unless openvpn is able to assign IP addresses from different pools given the LDAP group of a user, I'm afraid that I'll need to keep my radius server IP pool management. Is openvpn able to assign IP addresses given parameters from an LDAP directory or from radius reply attributes ?

Regards,
thibault

______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users
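The approach suggested in this message, an `--auth-user-pass-verify` script that checks the password against a RADIUS server, as an added example that is not from the thread and is not one of the scripts shipped with OpenVPN. It assumes OpenVPN's `via-file` mode and RADIUS PAP (RFC 2865); the server address, the shared secret and all function names are placeholders chosen here, and accounting and IP pool assignment are not covered.

```python
import hashlib, hmac, os, socket, struct, sys

RADIUS_SERVER = ("127.0.0.1", 1812)    # assumption: address of your RADIUS server
SHARED_SECRET = b"constructed-secret"  # assumption: load from a root-only file

def hide_password(password, secret, authenticator):
    """RFC 2865 section 5.2: XOR 16-byte blocks with a chained MD5 keystream."""
    data = password.encode("utf-8")
    if not 0 < len(data) <= 128:
        raise ValueError("password length outside RADIUS limits")
    data += b"\x00" * (-len(data) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        pad = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(data[i:i + 16], pad))
        out += prev
    return out

def build_access_request(user, password, secret, ident, authenticator):
    """Access-Request (code 1) carrying User-Name (1) and User-Password (2)."""
    name = user.encode("utf-8")
    if not 0 < len(name) <= 253:
        raise ValueError("username length outside RADIUS limits")
    hidden = hide_password(password, secret, authenticator)
    attrs = bytes([1, len(name) + 2]) + name + bytes([2, len(hidden) + 2]) + hidden
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + authenticator + attrs

def reply_accepts(reply, secret, ident, authenticator):
    """True only for an Access-Accept (code 2) whose Response Authenticator verifies."""
    if len(reply) < 20 or reply[1] != ident or len(reply) != struct.unpack("!H", reply[2:4])[0]:
        return False
    want = hashlib.md5(reply[:4] + authenticator + reply[20:] + secret).digest()
    return reply[0] == 2 and hmac.compare_digest(want, reply[4:20])

def authenticate(path):
    """via-file mode: OpenVPN passes a temp file, username line 1, password line 2."""
    with open(path, encoding="utf-8") as fh:
        user, password = fh.read().split("\n")[:2]
    ident, authenticator = os.urandom(1)[0], os.urandom(16)
    packet = build_access_request(user, password, SHARED_SECRET, ident, authenticator)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(5)
        sock.sendto(packet, RADIUS_SERVER)
        return reply_accepts(sock.recvfrom(4096)[0], SHARED_SECRET, ident, authenticator)

if __name__ == "__main__":  # exit 0 accepts the client, anything else rejects
    try:
        sys.exit(0 if authenticate(sys.argv[1]) else 1)
    except (OSError, ValueError, IndexError):
        sys.exit(1)  # fail closed on timeout, unreadable file or bad input
```

The server side would reference it as `auth-user-pass-verify /path/to/script via-file`; PAP hiding protects the password only as well as the shared secret does, so the RADIUS traffic should stay on a trusted segment.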