Everything works OK... but I need to force the client IP address and am facing the following problem:
According to the documentation:
For authret there exists:
proplist (dictionary, optional) -- a list of user properties for the
connecting user.
* conn_ip -- (string: IP address) dynamic IP address that should be
assigned to user -- this IP address MUST exist within
a group subnet; if conn_group is not specified, AS will
try to derive the group by looking at the set of all
groups, and finding the group for which this IP address
is contained within group_subnets (only in Layer 3 mode)
OK, my script is returning the correct IP address from the configured range in authret, and I can see two lines in the logs:
2012-10-23 10:40:17-0400 [-] POST_AUTH : authret after group check {'status': 0, 'reason': 'LDAP auth succeeded on ldaps://XXXX/ group : vpn_YYYYY', 'user': 'testuser', 'proplist': {'conn_ip': '172.27.127.41', 'prop_autogenerate': 'true'}}
2012-10-23 10:40:17-0400 [-] AUTH SUCCESS {'status': 0, 'reason': 'LDAP auth succeeded on ldaps://XXXX/ group : vpn_YYYYY', 'serial_list': [], 'user': 'testuser', 'proplist': {'conn_ip': '172.27.127.41', 'prop_autogenerate': 'true'}, 'common_name': 'testuser', 'serial': '18'} cli=/
IP-address 172.27.127.41 : and just after that :
2012-10-23 10:40:17-0400 [-] OVPN 0 OUT: 'Tue Oct 23 10:40:17 2012 MANAGEMENT: CMD 'client-auth 4 0''
2012-10-23 10:40:18-0400 [-] OVPN 0 OUT: 'Tue Oct 23 10:40:18 2012 testuser/XX.XX.XX.XX:56811 OPTIONS IMPORT: LZO parms modified'
2012-10-23 10:40:18-0400 [-] OVPN 0 OUT: 'Tue Oct 23 10:40:18 2012 testuser/XX.XX.XX.XX:56811 MULTI: Learn: 172.27.127.3 -> testuser/XX.XX.XX.XX:56811'
2012-10-23 10:40:18-0400 [-] OVPN 0 OUT: 'Tue Oct 23 10:40:18 2012 testuser/XX.XX.XX.XX:56811 MULTI: primary virtual IP for testuser/XX.XX.XX.XX:56811: 172.27.127.3'
E.g. either I am not understanding the influence of prop_autogenerate, or? How do I force Access Server to use the address that I returned in the auth_ret proplist? I have been banging my head for the last week, no luck...
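A log check for the symptom described in this post, as an added example that is not part of the original post: it pairs the conn_ip in each AUTH SUCCESS record with the "primary virtual IP" later reported for the same user and lists every mismatch. The testuser lines are the ones quoted in the post; the otheruser lines are constructed, and the function names are hypothetical.

```python
import ast
import re

# testuser lines: quoted from the post. otheruser lines: constructed sample.
SAMPLE_LOG = """\
2012-10-23 10:40:17-0400 [-] AUTH SUCCESS {'status': 0, 'reason': 'LDAP auth succeeded on ldaps://XXXX/ group : vpn_YYYYY', 'serial_list': [], 'user': 'testuser', 'proplist': {'conn_ip': '172.27.127.41', 'prop_autogenerate': 'true'}, 'common_name': 'testuser', 'serial': '18'} cli=/
2012-10-23 10:40:18-0400 [-] OVPN 0 OUT: 'Tue Oct 23 10:40:18 2012 testuser/XX.XX.XX.XX:56811 MULTI: primary virtual IP for testuser/XX.XX.XX.XX:56811: 172.27.127.3'
2012-10-23 10:41:02-0400 [-] AUTH SUCCESS {'status': 0, 'user': 'otheruser', 'proplist': {'conn_ip': '172.27.127.42'}} cli=/
2012-10-23 10:41:03-0400 [-] OVPN 0 OUT: 'Tue Oct 23 10:41:03 2012 otheruser/XX.XX.XX.XX:40000 MULTI: primary virtual IP for otheruser/XX.XX.XX.XX:40000: 172.27.127.42'
"""

# The authret dict is logged as a Python literal after "AUTH SUCCESS".
AUTH_RE = re.compile(r"AUTH SUCCESS (\{.*\})")
# user/peer:port, then the virtual IP the daemon actually assigned.
VIP_RE = re.compile(r"primary virtual IP for ([^/\s]+)/\S+: (\d{1,3}(?:\.\d{1,3}){3})")


def requested_ips(log_text):
    """Map user -> conn_ip taken from the proplist of each AUTH SUCCESS record."""
    wanted = {}
    for match in AUTH_RE.finditer(log_text):
        try:
            record = ast.literal_eval(match.group(1))  # safe: literals only
        except (ValueError, SyntaxError):
            continue  # truncated or malformed record, skip the line
        if not isinstance(record, dict):
            continue
        conn_ip = (record.get("proplist") or {}).get("conn_ip")
        if conn_ip:
            wanted[record.get("user")] = conn_ip
    return wanted


def mismatches(log_text):
    """Return (user, requested conn_ip, assigned virtual IP) where they differ."""
    wanted = requested_ips(log_text)
    return [(user, wanted[user], assigned)
            for user, assigned in VIP_RE.findall(log_text)
            if user in wanted and wanted[user] != assigned]


if __name__ == "__main__":
    for user, asked, got in mismatches(SAMPLE_LOG):
        print(f"{user}: post_auth returned {asked}, server assigned {got}")
```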