OpenVPN has a working RADIUS authentication and accounting plugin,
written by Ralf Lubben:
http://www.nongnu.org/radiusplugin/
It allows you to authenticate users using auth-user-pass against a RADIUS server,
and will send accounting packets describing their time and bandwidth
usage.
Thanks, I'll have a look at it.
It reauthenticates the user
on each rekeying and sends accounting packets according to what
Accounting-Interim-Interval (sent by the radius server) dictates.
Is reauthentication transparent for the user?
If you email him about his vendor-supplied-attributes compatible plugin which
supports running an external Perl script when the user is authenticated (for
iptables rules, for example), I am using it in a limited production
environment successfully. It occasionally crashes if it can't contact the
RADIUS server, but is otherwise fine. (We're slowly working through the
bugs...)
Thanks, that would indeed avoid my need to have the radius server
assign IP addresses.
It also supports direct
pushing of routes from the plugin itself, so if your RADIUS server sends
routes, it'll add them automatically.
Hope this helps,
It does.
Thanks again,
Thibault
Jan