Diffstat (limited to 'data/templates/ocserv')
-rw-r--r--data/templates/ocserv/ocserv_config.j24
-rw-r--r--data/templates/ocserv/radius_conf.j242
2 files changed, 34 insertions, 12 deletions
diff --git a/data/templates/ocserv/ocserv_config.j2 b/data/templates/ocserv/ocserv_config.j2
index 3194354e6..aa8897703 100644
--- a/data/templates/ocserv/ocserv_config.j2
+++ b/data/templates/ocserv/ocserv_config.j2
@@ -10,6 +10,10 @@ udp-port = {{ listen_ports.udp }}
run-as-user = nobody
run-as-group = daemon
+{% if "radius" in accounting.mode %}
+acct = "radius [config=/run/ocserv/radiusclient.conf]"
+{% endif %}
+
{% if "radius" in authentication.mode %}
auth = "radius [config=/run/ocserv/radiusclient.conf{{ ',groupconfig=true' if authentication.radius.groupconfig is vyos_defined else '' }}]"
{% elif "local" in authentication.mode %}
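Review bot: The added `{% if "radius" in accounting.mode %}` test dereferences `accounting` without first checking that it is set, whereas the auth line just below guards its optional key with `is vyos_defined`. If the accounting node is optional and can be absent from the dict handed to the template, this lookup may fail at render time instead of simply skipping the `acct` line; the same unguarded pattern appears in the `accounting['mode']` test in radius_conf.j2. Consider `{% if accounting.mode is vyos_defined and "radius" in accounting.mode %}`. Because `acct` and `auth` now both point at /run/ocserv/radiusclient.conf, the generator must also write that file whenever either mode is radius, which is worth confirming in the caller since it is not visible here.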
diff --git a/data/templates/ocserv/radius_conf.j2 b/data/templates/ocserv/radius_conf.j2
index b6612fee5..65548e3ad 100644
--- a/data/templates/ocserv/radius_conf.j2
+++ b/data/templates/ocserv/radius_conf.j2
@@ -1,20 +1,38 @@
### generated by vpn_openconnect.py ###
nas-identifier VyOS
-{% for srv in server %}
-{% if not "disable" in server[srv] %}
-{% if "port" in server[srv] %}
-authserver {{ srv }}:{{ server[srv]["port"] }}
-{% else %}
-authserver {{ srv }}
+
+#### Accounting
+{% if "radius" in accounting['mode'] %}
+{% for acctsrv in accounting['radius']['server'] %}
+{% if not "disable" in accounting['radius']['server'][acctsrv] %}
+{% if "port" in accounting['radius']['server'][acctsrv] %}
+acctserver {{ acctsrv }}:{{ accounting['radius']['server'][acctsrv]['port'] }}
+{% else %}
+acctserver {{ acctsrv }}
+{% endif %}
{% endif %}
-{% endif %}
-{% endfor %}
-radius_timeout {{ timeout }}
-{% if source_address %}
-bindaddr {{ source_address }}
-{% else %}
+{% endfor %}
+{% endif %}
+
+#### Authentication
+{% if "radius" in authentication['mode'] %}
+{% for authsrv in authentication['radius']['server'] %}
+{% if not "disable" in authentication['radius']['server'][authsrv] %}
+{% if "port" in authentication['radius']['server'][authsrv] %}
+authserver {{ authsrv }}:{{ authentication['radius']['server'][authsrv]['port'] }}
+{% else %}
+authserver {{ authsrv }}
+{% endif %}
+{% endif %}
+{% endfor %}
+radius_timeout {{ authentication['radius']['timeout'] }}
+{% if source_address %}
+bindaddr {{ authentication['radius']['source_address'] }}
+{% else %}
bindaddr *
+{% endif %}
{% endif %}
+
servers /run/ocserv/radius_servers
dictionary /etc/radcli/dictionary
default_realm
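Review bot: The `{% if source_address %}` condition still tests the old top-level variable, while the line it guards renders `authentication['radius']['source_address']`. Since `timeout` was moved to the nested path in this same hunk, the top-level name is probably no longer passed in, so the condition would always be false and `bindaddr *` would be written even when a source address is configured. RADIUS requests would then leave from whatever address the kernel selects, which may not match the client entry and shared secret on the server. Test the value that is rendered: `{% if authentication['radius']['source_address'] is vyos_defined %}`. Separately, `radius_timeout` and `bindaddr` are now emitted only inside the authentication block, so RADIUS accounting combined with local authentication yields `acctserver` lines with no timeout or bind address; please confirm that is intended.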