[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] REVISITED: enviromentals are not always working?


  • Subject: Re: [Openvpn-users] REVISITED: enviromentals are not always working?
  • From: James Yonan <jim@xxxxxxxxx>
  • Date: Thu, 28 Oct 2004 14:17:47 -0600 (MDT)

On Thu, 28 Oct 2004, Matt Wilks wrote:

> I saw this post from about a month ago and couldn't find an answer to
> the last question in this post about the ifconfig_pool_remote_ip
> environment variable.  I'm trying to implement some basic logging and
> that involves looking in the status file upon disconnect.  Since
> multiple connections can come from the same common_name the
> ifconfig_pool_remote_ip variable is the most unique key available, and I
> would like to be able to use it as the in-road to the status file.
> Watching the output of the logs you can see that it isn't set upon
> calling the client-disconnect script, but as is asked: is that a bug or
> a feature?

This has been fixed with beta12 and higher, and the 
ifconfig_pool_remote_ip variable is now set for the client-disconnect 
script.

Run at --verb 7 to see the environmental variable lists which are set 
before a script runs.

James

> > While we are on environment variables may I speak to a gotcha I just
> > had today.
> > 
> > Scenario: Several user connecting to OpenVPN which uses a call to a
> > radius server to setup iptables rules
> > 
> > Problem: When a user disconnected, the last person who connected had
> > their iptables rules deleted instead of the user who disconnected.
> > 
> > Gotcha: I had been using learn-address to call a single script that
> > reacted to the 'add','delete','update' parms... Used the
> > 
> > ifconfig_pool_remote_ip variable for the remote IP and common_name for
> > the name. Well, I just today realized that the server sets the
> > common_name when it calls connect/disconnect scripts, and when I was
> > using it in learn-address, I was only using whatever the last
> > connect/disconnect script had set it to :(. Yes, it is in the man
> > page, but I was just not putting the pieces together.
> > 
> > Resolution: Switch to client-connect/disconnect scripts and rely on
> > the environment variables common_name and ifconfig_pool_remote_ip.
> > 
> > This still has a gotcha as it appears to me that the
> > ifconfig_pool_remote_ip environment variable is not being set to the
> > current remote ip on client-disconnect execution. Luckily, the radius
> > server just needs the common name to know who to shutdown :). Maybe
> > that is a bug? Or, again I didn't read the man page properly :(.
> > 
> > Excellent otherwise ;),
> > JES
> 
> -- 
> Matthew Wilks
> University of Toronto        Computing and Networking Services
> (416) 978-3328               matt@xxxxxxxxxxxxxxxxxxxxxxx
> 4 Bancroft Ave., Rm. 102     Toronto, ON  M5S 1C1
> 
> 
> -------------------------------------------------------
> This Newsletter Sponsored by: Macrovision 
> For reliable Linux application installations, use the industry's leading
> setup authoring tool, InstallShield X. Learn more and evaluate 
> today. http://clk.atdmt.com/MSI/go/ins0030000001msi/direct/01/
> _______________________________________________
> Openvpn-users mailing list
> Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> https://lists.sourceforge.net/lists/listinfo/openvpn-users
> 


-------------------------------------------------------
This Newsletter Sponsored by: Macrovision 
For reliable Linux application installations, use the industry's leading
setup authoring tool, InstallShield X. Learn more and evaluate 
today. http://clk.atdmt.com/MSI/go/ins0030000001msi/direct/01/
_______________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users