Pass radius attributes to connect-script


 



Hi,

We at the university (which cannot be named) would like to deploy a new 
VPN solution next to our existing one.
I know this sounds crazy, but all of our users have real globally 
routable IPv4 VPN addresses.
This is for historical and licensing reasons.

The current L2TP/IPsec VPN uses /32 routes and addresses which it 
receives from a RADIUS server.
Now, as far as I know, the tun/tap device can at minimum use /30 routes 
(for Windows compatibility).


What I would like to ask: is there a way for the "up" and "down" script 
to get the framed-ip-address sent by RADIUS?

My plan is to add the /32 route to the loopback interface so the running 
dynamic routing daemon can pick it up,
     ip route add $FRAMEDIP/255.255.255.255 dev lo
Then do something like this
     iptables -t nat -I POSTROUTING -s $IP_REMOTE -j SNAT --to $FRAMEDIP

regards,
Emeric


PS:
I remember in the golden days pppd with radiusclient stored attribute 
files for logged in users in /var/run/ppp<num>.attr files,
but radcli doesn't.
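
The plan in the message above as a pair of up/down hooks, as an added example that is not part of the original post. It assumes the server exports the RADIUS address as `FRAMEDIP` (the open question of the post, not confirmed on this page) and the tunnel address as `IP_REMOTE`, and it validates both before they reach `ip` and `iptables`; `is_ipv4` and `plan_commands` are hypothetical helper names.

```shell
#!/bin/sh
# Added example, not from the original post. FRAMEDIP and IP_REMOTE are
# assumed to be exported to the script; the post does not confirm FRAMEDIP.

# Succeed only for a strict dotted-quad IPv4 address (octets 0-255, no
# leading zeros), so nothing else can reach a root command line.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots into positional parameters
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the commands for "up" or "down"; return 2 on bad input.
# "down" removes exactly what "up" added, so sessions do not leak routes.
plan_commands() {
    action=$1; framed=$2; remote=$3
    is_ipv4 "$framed" || return 2
    is_ipv4 "$remote" || return 2
    case "$action" in
        up)
            echo "ip route replace $framed/32 dev lo"
            echo "iptables -t nat -I POSTROUTING -s $remote -j SNAT --to-source $framed"
            ;;
        down)
            echo "iptables -t nat -D POSTROUTING -s $remote -j SNAT --to-source $framed"
            echo "ip route del $framed/32 dev lo"
            ;;
        *) return 2 ;;
    esac
}

# Execute only when called with an action, e.g. "vpn-hook.sh up".
if [ "$#" -gt 0 ]; then
    cmds=$(plan_commands "$1" "${FRAMEDIP:-}" "${IP_REMOTE:-}") || exit 2
    printf '%s\n' "$cmds" | sh -e
fi
```

`ip route replace` is used instead of `ip route add` so a reconnect with the same address does not fail on an existing route.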




