How to read parameter return from radiusplugin?

How to customize and extend your OpenVPN installation.

Moderators: TinCanTech

Post by frank98563 » Thu Oct 27, 2022 9:35 pm

Ok, I am totally new to OpenVPN custom scripting. I guess it is not so easy being new at this. So far:

1. Installed OpenVPN 2.5.5 on Ubuntu 22.04
2. Installed Freeradius 3.x on the same server as OpenVPN
3. Able to authenticate via Freeradius

But how do I get the parameters that are sent back from Freeradius?

I wrote a simple script just to print information to syslog:

#!/bin/sh
logger "test message"
echo "$common_name"
echo "$framedip"

echo "test 2 message"

and execute the script using server.conf:

client-connect /etc/openvpn/radius/test.sh

I am able to see in syslog the environment variable $common_name ("frank" in this case), but I don't see "framedip" or any parameter that is returned from the radius plugin.

Oct 27 21:11:56 FreeRadius openvpn[676]: frank/xxx:50957 PLUGIN_CALL: POST /usr/lib/openvpn/radiusplugin.so/PLUGIN_CLIENT_CONNECT status=0
Oct 27 21:11:56 FreeRadius openvpn[676]: frank/xxx:50957 OPTIONS IMPORT: reading client specific options from: /tmp/openvpn_cc_7d65570777aa9edf2c31583c07f3ed69.tmp
Oct 27 21:11:56 FreeRadius root: test message
Oct 27 21:11:56 FreeRadius openvpn[1395]: frank
Oct 27 21:11:56 FreeRadius openvpn[1395]: test 2 message
Oct 27 21:11:56 FreeRadius openvpn[676]: frank/xxx:50957 OPTIONS IMPORT: reading client specific options from: /tmp/openvpn_cc_1c23f658e19565ac1f481d7c32a52ce0.tmp

So, can someone help point me to the right document, or show an example of how to read the reply from Freeradius?

Here is what is from the debug of Freeradius:

(3) sql: User found in radreply table, merging reply items
(3) sql: Framed-IP-Address = 10.7.0.6
(3) sql: Framed-IP-Netmask = 255.255.255.0
(3) sql: Cisco-AVPair += "ip:inacl#1=permit any host 10.7.0.6 host 10.100.0.5"
(3) sql: Cisco-AVPair += "ip:inacl#2=permit any host 10.7.0.6 host 172.20.0.7"
(3) sql: Framed-Protocol = PPP
(3) sql: EXPAND SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority
(3) sql: --> SELECT groupname FROM radusergroup WHERE username = 'frank' ORDER BY priority
(3) sql: Executing select query: SELECT groupname FROM radusergroup WHERE username = 'frank' ORDER BY priority
(3) sql: User not found in any groups
rlm_sql (sql): Released connection (0)

I want to be able to get all the "Cisco-AVPair" and "Framed-IP-Address" from the script, is this possible?

My ultimate goal is to be able to read all the firewall rules from Freeradius (which come from a MySQL database) and put them, I guess, either into the OpenVPN configuration or the OS iptables so I can allow different users to access different sets of IPs.

Thank you!

Re: How to read parameter return from radiusplugin?

Post by frank98563 » Thu Oct 27, 2022 11:30 pm

Never mind, I guess my module config was not configured correctly... I guess newbie error... I see all the parameters now.
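
An added example (not from the thread, and not code from OpenVPN or the radiusplugin): one way to turn the Cisco-AVPair strings shown in the FreeRADIUS debug output into iptables arguments while treating them as untrusted input, so only the exact expected grammar and the client's own source address are accepted. How the plugin hands the attributes to the script is not shown in the thread; the chain name VPN_ACL and the reading of "any" as "all protocols" are assumptions.

```sh
#!/bin/sh
# Added example, not from the thread. Assumptions: the AVPair arrives as a plain
# string, "any" in the protocol slot means all protocols, and VPN_ACL is a
# hypothetical chain name. It prints iptables arguments; it does not apply them.
CHAIN="VPN_ACL"

# Succeed only for a dotted-quad IPv4 address: four octets, 0..255, no leading zeros.
is_ipv4() {
    case "$1" in
        "" | *[!0-9.]* | *..* | .* | *.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?* | ????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Print one rule for: ip:inacl#<n>=<permit|deny> any host <src> host <dst>
# $1 = AVPair string, $2 = Framed-IP-Address assigned to this client.
avpair_to_rule() {
    pair=$1; client_ip=$2
    case "$pair" in "ip:inacl#"*=*) ;; *) return 1 ;; esac
    num=${pair#"ip:inacl#"}; num=${num%%=*}
    case "$num" in "" | *[!0-9]*) return 1 ;; esac
    set -f; set -- ${pair#*=}; set +f      # split on whitespace, no globbing
    [ "$#" -eq 6 ] || return 1             # trailing tokens are rejected here
    [ "$2" = any ] && [ "$3" = host ] && [ "$5" = host ] || return 1
    case "$1" in
        permit) target=ACCEPT ;;
        deny)   target=DROP ;;
        *)      return 1 ;;
    esac
    is_ipv4 "$4" && is_ipv4 "$6" || return 1
    [ "$4" = "$client_ip" ] || return 1    # source must be the client's own address
    printf '%s\n' "-A $CHAIN -s $4 -d $6 -j $target"
}

# The two reply items from the FreeRADIUS debug output in the post.
for p in 'ip:inacl#1=permit any host 10.7.0.6 host 10.100.0.5' \
         'ip:inacl#2=permit any host 10.7.0.6 host 172.20.0.7'; do
    avpair_to_rule "$p" 10.7.0.6 || echo "rejected: malformed AVPair" >&2
done
```

Anything that does not match the grammar exactly is dropped rather than passed to a shell or to iptables, which keeps a bad row in the radreply table from becoming a command or an over-broad rule.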