static IP for auth-pam or mysql auth

Scripts which allow the use of special authentication methods (LDAP, AD, MySQL/PostgreSQL, etc).
djsb
OpenVpn Newbie
Posts: 2
Joined: Tue Apr 26, 2011 4:22 am

static IP for auth-pam or mysql auth

Postby djsb » Tue Apr 26, 2011 4:24 am

Hi all,

I would like to deliver a static IP for each client based on the authentication which could be pam or mysql.
Is this possible? Any direction you can share?

best regards,

User avatar
janjust
Forum Team
Posts: 2702
Joined: Fri Aug 20, 2010 2:57 pm
Location: Amsterdam
Contact:

Re: static IP for auth-pam or mysql auth

Postby janjust » Tue Apr 26, 2011 9:22 am

yes this is possible.

Use the auth-pam plugin to authenticate users; then use a 'client-connect' script to map the authenticated username to a specific IP. The 'client-connect' script can write out client-specific include options using

Code: Select all

script-security 2
client-connect </full/path/to/script/file>


I'd use a simple text file (or mysql database) to match the usernames against the IPs you want, e.g.

Code: Select all

user1 ip1
user2 ip2
user3 ip3


The script would do something like

Code: Select all

#!/bin/bash
IP=`awk "/$username/{ print $2}" client-ips.txt`
echo "ifconfig-push $IP 255.255.255.0" > $1

djsb
OpenVpn Newbie
Posts: 2
Joined: Tue Apr 26, 2011 4:22 am

Re: static IP for auth-pam or mysql auth

Postby djsb » Thu May 05, 2011 1:20 am

Thanks for your prompt post. I've used mysql-auth and i can auth correctly, but it seems that the server is ignoring your script on client connect.

The script gets called because i get a new .tmp file on the directory containing the username and the desired ip, but still the client gets another ip.. Is there something i'm missing? Maybe on the client itself?

asdfg
OpenVpn Newbie
Posts: 1
Joined: Sun Feb 21, 2016 2:59 am

Re: static IP for auth-pam or mysql auth

Postby asdfg » Sun Feb 21, 2016 12:37 pm

Hello, i tried to use your script but i have following error:

Code: Select all

Options error: cannot parse --ifconfig-push addresses


server.conf

Code: Select all

# cat server.conf
port 1194
proto tcp
dev tun
ca keys/ca.crt
cert keys/cert.crt
key keys/cert.key
dh keys/dh2048.pem
server 10.8.0.0 255.255.255.0
keepalive 10 120
#comp-lzo
user nobody
group nogroup
persist-key
persist-tun
client-cert-not-required
script-security 2
client-connect /etc/openvpn/push-ip.sh
plugin /usr/lib/openvpn/openvpn-plugin-auth-pam.so login
status openvpn-status.log
log /var/log/openvpn.log
verb 3


Return to “Authentication Scripts”

Who is online

Users browsing this forum: No registered users and 1 guest