OpenVPN Support Forum

Community Support Forum
https://forums.openvpn.net/

Setting client access in post_auth

https://forums.openvpn.net/viewtopic.php?t=34204

Page 1 of 1

Setting client access in post_auth

Posted: Tue May 10, 2022 12:18 pm
by chort1
Hi,

Is it possible to return the user/group access_to.x lines in the post_auth script?

I'm currently trying this:

Code: Select all

authret['proplist']['access_to.0'] = '+ROUTE:10.0.0.0/24'
authret['proplist']['access_to.1'] = '+ROUTE:10.0.1.0/24'
authret['proplist']['access_to.2'] = '+ROUTE:10.0.2.0/24'
return authret
When checking with authcli. the properties seem to be returned:

Code: Select all

AUTH_RETURN
  status : SUCCEED
  user : test
  reason : PAM auth succeeded
  proplist : {'prop_autogenerate': 'true', 'prop_autologin': '', 'conn_group': 'testgroup', 'type': 'user_connect', 'access_to.0': '+ROUTE:10.0.0.0/24', 'access_to.1': '+ROUTE:10.0.1.0/24', 'access_to.2': '+ROUTE:10.0.2.0/24', 'is_efemer_prop_list': True}
but the routes don't show up on the client. Is this response possible, or do the access_to-lines have to be predefined and stored for the user or group?

Re: Setting client access in post_auth

Posted: Mon May 16, 2022 8:13 am
by chort1
No replies to this?

I'm guessing this would not be possible, since any changes in the access rules for regular groups seem to require a restart of one or more service components, but still holding out for an official reply.
All times are UTC
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/