On Wed, 2016-01-13 at 04:16 +0800, Yick Xie wrote: > Hi Nikos, > > > That's because the address is assigned after authentication (e.g., > > the > > address may be assigned by radius itself). > > I just thought the ocserv would send update messages to the radius > server immediately after authentication. Whatever it's not a big > trouble. Hi, I've done that in the master branch. > Sorry I haven't realized that before, because I misunderstood the > ocserv is supposed to maintain sorts of cookie-IP related entries. > Anyway it still makes sense to use IP ban cmd to deal with it, yet > that cmd seems not available now in occtl. It is available in the latest 0.10.x releases and in 0.11.x. > At last, I want to share another idea. I glanced the freeradius wiki > and found the default SQL-schema includes ConnectInfo_start and > ConnectInfo_stop attributes, the former of which in my opinion can be > utilized to record the User-agent via "Connect-Info". Sometimes the > admin cannot check the log punctually and totally got no clues of > what's the client's application or platform, considering AnyConnect > covers so many OS and versions even as well as BlackBerry. Then UA > attribute must be helpful to collect more info about whether a > problem > come from one specific APP/version or our server, meanwhile such > extension will be harmless to the freeradius infrastructure. What do > you think about it ? Perhaps I missed something about the protocol? Please open an issue/feature request in gitlab.com/ocserv/ocserv and place all that information there. It looks indeed useful. regards, Nikos
