Good afternoon!
I've run into a problem.
strongSwan + FreeRADIUS are set up on a VDS.
Authentication succeeds, but the RADIUS attributes for a static IP are not applied.
/etc/freeradius/3.0/users
%radius-username% Cleartext-Password := "%radius-password%"
    NAS-Port-Type = Virtual,
    Service-Type = Framed-User,
    Framed-IP-Address = 10.255.24.12,
    Framed-IP-Netmask = 255.255.255.0,
    MS-Primary-DNS-Server = 8.8.8.8
The RADIUS attributes are clearly visible in the request, but they are not applied (RADIUS receives them and ignores them).
Debug excerpt:
Sent Access-Accept Id 106 from 127.0.0.1:1812 to 127.0.0.1:34540 length 0
(4) NAS-Port-Type = Virtual
(4) Service-Type = Framed-User
(4) Framed-IP-Address = 10.255.24.12
(4) Framed-IP-Netmask = 255.255.255.0
(4) MS-Primary-DNS-Server = 8.8.8.8
(4) MS-MPPE-Encryption-Policy = Encryption-Allowed
(4) MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed
(4) MS-MPPE-Send-Key = 0x7bbb8b987de7d0dfc120c24433fb2083
(4) MS-MPPE-Recv-Key = 0x1a461ae69b7751cd95e3d095a325571a
(4) EAP-Message = 0x03030004
(4) Message-Authenticator = 0x00000000000000000000000000000000
(4) User-Name = "%radius-username%"
(4) Finished request
Waking up in 4.7 seconds.
(5) Received Accounting-Request Id 107 from 127.0.0.1:40811 to 127.0.0.1:1813 length 147
(5) Acct-Status-Type = Start
(5) Acct-Session-Id = "1647688010-64"
(5) NAS-Port-Type = Virtual
(5) Service-Type = Framed-User
(5) NAS-Port = 64
(5) NAS-Port-Id = "IKEv2+EAP"
(5) NAS-IP-Address = %EXT-IP-VDS%
(5) Called-Station-Id = "%EXT-IP-VDS%[500]"
(5) Calling-Station-Id = "%EXT-IP-CLIENT%[500]"
(5) User-Name = "%radius-username%"
(5) Framed-IP-Address = 10.255.24.2
(5) NAS-Identifier = "strongSwan"
IP addresses, logins and passwords have been changed.
I'd be glad of any advice.
Thanks in advance.
> [overquoting removed]
> (5) NAS-Port-Id = "IKEv2+EAP"
> (5) NAS-IP-Address = %EXT-IP-VDS%
> (5) Called-Station-Id = "%EXT-IP-VDS%[500]"
> (5) Calling-Station-Id = "%EXT-IP-CLIENT%[500]"
> (5) User-Name = "%radius-username%"
> (5) Framed-IP-Address = 10.255.24.2
> (5) NAS-Identifier = "strongSwan"
> IP addresses, logins and passwords have been changed.
> I'd be glad of any advice.
> Thanks in advance.
In addition, a log excerpt. The attribute is duplicated:
Framed-IP-Address = 10.255.24.2
Framed-IP-Address = 10.255.24.12
Sat Mar 19 13:25:24 2022
Acct-Status-Type = Stop
Acct-Session-Id = "1647688010-74"
NAS-Port-Type = Virtual
Service-Type = Framed-User
NAS-Port = 74
NAS-Port-Id = "IKEv2+EAP"
NAS-IP-Address = %EXT-IP-VDS%
Called-Station-Id = "%EXT-IP-VDS%[500]"
Calling-Station-Id = "%EXT-IP-CLIENT%[500]"
User-Name = "%radius-username%"
Framed-IP-Address = 10.255.24.2
Framed-IP-Address = 10.255.24.12
Acct-Output-Octets = 184630
Acct-Output-Packets = 374
Acct-Input-Octets = 140713
Acct-Input-Packets = 348
Acct-Session-Time = 390
Acct-Terminate-Cause = User-Request
NAS-Identifier = "strongSwan"
Event-Timestamp = "Mar 19 2022 13:25:24 UTC"
Tmp-String-9 = "ai:"
Acct-Unique-Session-Id = "87126f7fa0835846260efa39b8e90656"
Timestamp = 1647696324
> [overquoting removed]
> Acct-Input-Octets = 140713
> Acct-Input-Packets = 348
> Acct-Session-Time = 390
> Acct-Terminate-Cause = User-Request
> NAS-Identifier = "strongSwan"
> Event-Timestamp = "Mar 19 2022 13:25:24 UTC"
> Tmp-String-9 = "ai:"
> Acct-Unique-Session-Id = "87126f7fa0835846260efa39b8e90656"
> Timestamp = 1647696324
Figured it out.
https://wiki.debian.org/ru/strongSWAN/VirtualIP#RADIUS_.2BBD...
/etc/ipsec.conf
rightsourceip=%radius
This isn't in the official documentation. Maybe I didn't search well enough.
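
A check for the symptom shown in the thread (an accounting record reporting a Framed-IP-Address other than the static one from the users file), as an added example that is not part of the original posts. The user name `alice`, the `EXPECTED` table and the sample records are constructed, and the indented FreeRADIUS detail-file layout is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample in FreeRADIUS "detail" layout, modelled on the thread's records.
SAMPLE = """\
Sat Mar 19 13:25:24 2022
\tAcct-Status-Type = Stop
\tAcct-Session-Id = "1647688010-74"
\tUser-Name = "alice"
\tFramed-IP-Address = 10.255.24.2
\tFramed-IP-Address = 10.255.24.12

Sat Mar 19 14:02:10 2022
\tAcct-Status-Type = Start
\tAcct-Session-Id = "1647688010-75"
\tUser-Name = "alice"
\tFramed-IP-Address = 10.255.24.12
"""

# Hypothetical table: the static address configured for each user in the users file.
EXPECTED = {"alice": "10.255.24.12"}

# An indented "Name = value" line; surrounding double quotes are dropped.
ATTR = re.compile(r'^\s+([\w-]+)\s*=\s*"?(.*?)"?\s*$')

def parse_detail(text):
    """Yield one dict per record: attribute name -> list of values, order kept."""
    for block in re.split(r"\n\s*\n", text.strip()):
        rec = defaultdict(list)
        for line in block.splitlines()[1:]:  # first line is the timestamp header
            m = ATTR.match(line)
            if m:
                rec[m.group(1)].append(m.group(2))
        if rec:
            yield rec

def address_mismatches(text, expected):
    """Return (session id, user, reported addresses) for every record that
    carries an address other than the static one expected for that user."""
    findings = []
    for rec in parse_detail(text):
        user = (rec.get("User-Name") or [""])[0]
        ips = rec.get("Framed-IP-Address", [])
        want = expected.get(user)
        if want and any(ip != want for ip in ips):
            sid = (rec.get("Acct-Session-Id") or ["?"])[0]
            findings.append((sid, user, ips))
    return findings

if __name__ == "__main__":
    for sid, user, ips in address_mismatches(SAMPLE, EXPECTED):
        print(f"{sid}: {user} reported {ips}")
```

Run against the accounting detail file after changing `rightsourceip`, an empty result means every recorded session reported only the address configured for its user.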