(RADIATOR) Using Cisco EasyVPN together with DYNADDR
Steven
stevenh at xsmail.com
Fri Apr 2 02:47:30 CST 2004
Hello,
I'm using Radiator 3.8 to do authentication for Cisco EasyVPN clients. The
EasyVPN server is a Cisco 7200 with SA-VAM. EasyVPN uses IP address pools
configured on the EasyVPN server to allocate IP addresses. For my
application I'd prefer to have the IP addresses assigned from the Radiator
server. I've found that I can do this by setting the Framed-IP-Address as
an attribute per configured user. However, I would like to use <AUTHBY
DYNADDRESS>. This doesn't work for me. From what I can see, the AUTHBY
DYNADDR module is not used for some reason and perhaps because of that, the
Framed-IP-Address attribute doesn't get added to the Access-Accept message.
Here's the relevant config:
<AddressAllocator SQL>
    Identifier DynIPAllocator
    DBSource xxx
    DBUsername xxx
    DBAuth xxx
    <AddressPool ipsectest>
        Range 172.16.100.0/24
    </AddressPool>
</AddressAllocator>
<Handler Realm=test>
    # Limit all users in this realm to max of 1 session
    MaxSessions 1
    <AuthBy FILE>
        Filename %D/ipvpn-offnet-test.txt
    </AuthBy>
    <AuthBy DYNADDRESS>
        AddressAllocator DynIPAllocator
        PoolHint ipsectest
    </AuthBy>
</Handler>
users.txt:
steven at test Encrypted-Password = xxx
# Framed-IP-Address = 192.168.100.1 # When I uncomment this line then the EasyVPN client gets this IP address assigned
Logfile:
Code: Access-Request
Identifier: 221
Authentic: xxx
Attributes:
User-Name = "steven at test"
User-Password = "xxx"
NAS-IP-Address = xxx
Fri Apr 2 10:42:29 2004: DEBUG: Handling request with Handler 'Realm=test'
Fri Apr 2 10:42:29 2004: DEBUG: Deleting session for steven at test, xxx,
Fri Apr 2 10:42:29 2004: DEBUG: do query is: 'delete from RADONLINE where NASIDENTIFIER='xxx' and NASPORT=0':
Fri Apr 2 10:42:29 2004: DEBUG: Query is: 'select NASIDENTIFIER, NASPORT, ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where USERNAME='steven at test'':
Fri Apr 2 10:42:29 2004: DEBUG: Handling with Radius::AuthFILE:
Fri Apr 2 10:42:29 2004: DEBUG: Radius::AuthFILE looks for match with steven at test
Fri Apr 2 10:42:29 2004: DEBUG: Radius::AuthFILE ACCEPT:
Fri Apr 2 10:42:29 2004: DEBUG: Access accepted for steven at test
Fri Apr 2 10:42:29 2004: DEBUG: Packet dump:
*** Sending to 213.160.212.25 port 1645 ....
Code: Access-Accept
Identifier: 221
Authentic: xxx
Attributes:
What am I doing wrong here?
- Steven
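
Added example, not part of the original post and not taken from the Radiator distribution: in the log above only Radius::AuthFILE handles the request before the Access-Accept is sent, which matches a Handler running with the default AuthByPolicy (ContinueWhileIgnore), where the chain stops at the first AuthBy that returns anything other than IGNORE. A configuration that runs both clauses, assuming the poster's file, allocator and pool names (the xxx values are the post's own placeholders), looks like this:

```conf
<AddressAllocator SQL>
    Identifier DynIPAllocator
    DBSource xxx
    DBUsername xxx
    DBAuth xxx
    <AddressPool ipsectest>
        Range 172.16.100.0/24
    </AddressPool>
</AddressAllocator>

<Handler Realm=test>
    # Limit all users in this realm to max of 1 session
    MaxSessions 1

    # With the default (ContinueWhileIgnore), AuthBy FILE returns ACCEPT,
    # the chain ends there and AuthBy DYNADDRESS is never called.
    # ContinueWhileAccept keeps going as long as each AuthBy accepts,
    # and rejects the request as soon as one of them does not.
    AuthByPolicy ContinueWhileAccept

    # Step 1: check the password against the flat file
    <AuthBy FILE>
        Filename %D/ipvpn-offnet-test.txt
    </AuthBy>

    # Step 2: reached only after FILE has accepted; takes an address
    # from the ipsectest pool and adds it to the reply
    <AuthBy DYNADDRESS>
        AddressAllocator DynIPAllocator
        PoolHint ipsectest
    </AuthBy>
</Handler>
```

Accounting requests for the realm need to reach the same Handler, because AuthBy DYNADDRESS releases the address when the Accounting Stop arrives.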