> On 22 Aug 2015, at 13:26, Nikos Mavrogiannopoulos <n.mavrogiannopoulos at gmail.com> wrote:
>
> On Fri, 2015-08-21 at 22:31 +0200, Niels Peen wrote:
>> Hi,
>>
>> I'm now using haproxy's proxy protocol to get the client's real IP
>> address to ocserv. (As opposed to using sniproxy and losing this
>> information.)
>>
>> It works very well for Radius, which now receives the client's real IP
>> address.
>> Two questions:
>> 1) occtl and the script variable REAL_IP still show 127.0.0.1 as the
>> client's IP address. Is this expected?
>
> Not really, it seems like an omission as these use cases were not
> considered.
>
>> 2) I understand the proxy protocol also communicates the destination
>> address. Can this destination address be made available to the
>> connect script? (E.g. IP_REAL_LOCAL.)
>
> I've made a patch to correct (1) and also add (2), but it is not tested
> yet. If you want to check it, it is at the ip-real branch of ocserv.

I can confirm the real IP address now shows up in occtl.

Unable to test the script variables, as configuring a connect script now causes the login failure below. Removing the connect script from the configuration, or reverting to the regular 0.10.7 release, fixes the issue.

Aug 23 00:54:10 soup ocserv[4495]: sec-mod: using 'radius' authentication to authenticate user (session: 4oHQ4)
Aug 23 00:54:10 soup ocserv[4495]: radius-auth: communicating username (niels at vpn) and password
Aug 23 00:54:10 soup ocserv[4495]: rc_conf_int: config option radius_deadtime was not set
Aug 23 00:54:10 soup ocserv[4495]: radius-auth: opening session 4oHQ4GGoryZZVv+bbNXwdA==
Aug 23 00:54:10 soup ocserv[4495]: rc_conf_int: config option radius_deadtime was not set
Aug 23 00:54:10 soup ocserv[4495]: sec-mod: initiating session for user 'niels at vpn' (session: 4oHQ4)
Aug 23 00:54:10 soup ocserv[4370]: main[niels at vpn]: X:54077 new user session
Aug 23 00:54:10 soup ocserv[4370]: main[niels at vpn]: X:54077 failed authentication attempt for user 'niels at vpn'
Aug 23 00:54:10 soup ocserv[4370]: main[niels at vpn]: X:54077 user logged in
Aug 23 00:54:10 soup ocserv[5309]: worker[niels at vpn]: X error receiving cookie authentication reply
Aug 23 00:54:10 soup ocserv[5309]: worker[niels at vpn]: X failed cookie authentication attempt
Aug 23 00:54:10 soup ocserv[4370]: main[niels at vpn]: X:54077 user disconnected
Aug 23 00:54:10 soup ocserv[4495]: sec-mod: temporarily closing session for niels at vpn (session: 4oHQ4)

Thanks,
niels
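
For reference, an added example (not part of the original message, and not ocserv's or haproxy's code): a strict parser for the version 1 text header of the PROXY protocol discussed above, returning both the client's source address and the destination address asked about in question (2). The names parse_proxy_v1 and ProxyInfo and the sample bytes are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional, Tuple

MAX_V1_HEADER = 107  # longest v1 header the spec allows, CRLF included

# Constructed sample: a v1 header followed by the first bytes of the proxied stream.
SAMPLE = b"PROXY TCP4 203.0.113.7 192.0.2.10 54077 443\r\n\x16\x03\x01"


class ProxyInfo(NamedTuple):
    src_ip: str    # real client address, as seen by the proxy
    dst_ip: str    # address the client connected to on the proxy
    src_port: int
    dst_port: int


def _port(text: str) -> int:
    # Ports are plain decimal, 0..65535; reject signs, blanks and overflow.
    if not text.isdigit() or int(text) > 65535:
        raise ValueError("bad port: %r" % text)
    return int(text)


def parse_proxy_v1(data: bytes) -> Tuple[Optional[ProxyInfo], bytes]:
    """Return (info, remaining bytes); info is None for 'PROXY UNKNOWN'.

    Raises ValueError on anything malformed so the caller can drop the
    connection instead of falling back to the socket's peer address.
    """
    end = data.find(b"\r\n", 0, MAX_V1_HEADER)
    if not data.startswith(b"PROXY ") or end == -1:
        raise ValueError("missing or oversized PROXY v1 header")
    fields = data[:end].decode("ascii").split(" ")
    rest = data[end + 2:]
    if fields[1] == "UNKNOWN":
        return None, rest          # proxy could not determine the addresses
    if len(fields) != 6 or fields[1] not in ("TCP4", "TCP6"):
        raise ValueError("unsupported PROXY v1 line")
    version = 4 if fields[1] == "TCP4" else 6
    src = ipaddress.ip_address(fields[2])
    dst = ipaddress.ip_address(fields[3])
    if src.version != version or dst.version != version:
        raise ValueError("address family mismatch")
    return ProxyInfo(str(src), str(dst), _port(fields[4]), _port(fields[5])), rest


if __name__ == "__main__":
    print(parse_proxy_v1(SAMPLE))
```

The addresses in the header are only as trustworthy as the sender, so a server should accept this header solely on listeners reachable by the proxy itself.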