Re: [Openvpn-users] Assigning a linear range of IP addresses to clients?

[Ray Van Dolson <rayvd@xxxxxxxxxxxxxxx>]

On Fri, Mar 31, 2006 at 10:07:22PM +0100, Jan Mulders wrote:
> I'm looking to assign a linear range (ie, 192.168.0.2, 192.168.0.3.. and so on)
> of IP addresses to the clients connecting to an OpenVPN daemon, in a routed
> configuration.
> 
> I understand that I need to reserve several IP addresses per user, to ensure
> compatibility with Windows. Is there any way of avoiding this? I am creating a
> virtual ISP setup, handing out public IPs to vpn clients, and assigning them
> that address both internally and externally.

You want to use the latest version of the OpenVPN software for Windows (the
beta).  Look into topology subnet.

> In addition, I am looking at the possibility of integrating OpenVPN with a
> RADIUS server, for user authentication, IP assignment and accounting. I have
> found a couple examples for auth and IPs, but nothing for accounting. I'd like
> to account bytes transferred, rather than connection time (seeing as that's how
> they're billed). Is there an 'easy way' of doing this from OpenVPN, or will I
> need to use a script monitoring IPTables totals every x seconds, and tells
> RADIUS itself?

Using the Radius plugin mentioned on the list has worked great for us.
Here's an excerpt from my radiusplugin.cnf file:

NAS-Identifier=langw
Service-Type=5
Framed-Protocol=1
NAS-Port-Type=5
NAS-IP-Address=<openvpnserver_ip>
ccdPath=/etc/openvpn/ccd/
statusFile=/var/log/openvpn/status.log
server
{
        acctport=1813
        authport=1812
        name=<radiusserver_ip>
        retry=1
        wait=1
        sharedsecret=<secret>

}

This does both accounting and authentication.

Ray

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users