Setting client access in post_auth

Business solution to host your own OpenVPN server with web management interface and bundled clients.
Post Reply
chort1
OpenVPN User
Posts: 27
Joined: Tue Mar 01, 2022 12:24 pm

Setting client access in post_auth

Post by chort1 » Tue May 10, 2022 12:18 pm

Hi,

Is it possible to return the user/group access_to.x lines in the post_auth script?

I'm currently trying this:

Code: Select all

authret['proplist']['access_to.0'] = '+ROUTE:10.0.0.0/24'
authret['proplist']['access_to.1'] = '+ROUTE:10.0.1.0/24'
authret['proplist']['access_to.2'] = '+ROUTE:10.0.2.0/24'
return authret
When checking with authcli. the properties seem to be returned:

Code: Select all

AUTH_RETURN
  status : SUCCEED
  user : test
  reason : PAM auth succeeded
  proplist : {'prop_autogenerate': 'true', 'prop_autologin': '', 'conn_group': 'testgroup', 'type': 'user_connect', 'access_to.0': '+ROUTE:10.0.0.0/24', 'access_to.1': '+ROUTE:10.0.1.0/24', 'access_to.2': '+ROUTE:10.0.2.0/24', 'is_efemer_prop_list': True}
but the routes don't show up on the client. Is this response possible, or do the access_to-lines have to be predefined and stored for the user or group?

chort1
OpenVPN User
Posts: 27
Joined: Tue Mar 01, 2022 12:24 pm

Re: Setting client access in post_auth

Post by chort1 » Mon May 16, 2022 8:13 am

No replies to this?

I'm guessing this would not be possible, since any changes in the access rules for regular groups seem to require a restart of one or more service components, but still holding out for an official reply.

Post Reply