From e041874a9d7cce00b2d91778f2abf30f6f0dd6be Mon Sep 17 00:00:00 2001 From: Jamie Austin Date: Sun, 29 Jan 2023 10:51:26 +1100 Subject: T4958: ocserv: openconnect: document RADIUS accounting --- docs/configuration/vpn/openconnect.rst | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) (limited to 'docs/configuration') diff --git a/docs/configuration/vpn/openconnect.rst b/docs/configuration/vpn/openconnect.rst index 1b48571d..112da58f 100644 --- a/docs/configuration/vpn/openconnect.rst +++ b/docs/configuration/vpn/openconnect.rst @@ -221,3 +221,34 @@ To display the configured OTP user settings, use the command: .. code-block:: none show openconnect-server user otp + +Configuring RADIUS accounting +=========================== + +OpenConnect can be configured to send accounting information to a +RADIUS server to capture user session data such as time of +connect/disconnect, data transferred, and so on. + +Configure an accounting server and enable accounting with: + +.. code-block:: none + + set vpn openconnect accounting mode radius + set vpn openconnect accounting radius server 172.20.20.10 + set vpn openconnect accounting radius server 172.20.20.10 port 1813 + set vpn openconnect accounting radius server 172.20.20.10 key your_radius_secret + +.. warning:: The RADIUS accounting feature must be used with the OpenConnect + authentication mode RADIUS. It cannot be used with local authentication. + You must configure the OpenConnect authentication mode to "radius". + +An example of the data captured by a FREERADIUS server with sql accounting: + +.. code-block:: none + + mysql> SELECT username, nasipaddress, acctstarttime, acctstoptime, acctinputoctets, acctoutputoctets, callingstationid, framedipaddress, connectinfo_start FROM radacct; + +----------+---------------+---------------------+---------------------+-----------------+------------------+-------------------+-----------------+-----------------------------------+ + | username | nasipaddress | acctstarttime | acctstoptime | acctinputoctets | acctoutputoctets | callingstationid | framedipaddress | connectinfo_start | + +----------+---------------+---------------------+---------------------+-----------------+------------------+-------------------+-----------------+-----------------------------------+ + | test | 198.51.100.15 | 2023-01-13 00:59:15 | 2023-01-13 00:59:21 | 10606 | 152 | 192.168.6.1 | 172.20.20.198 | Open AnyConnect VPN Agent v8.05-1 | + +----------+---------------+---------------------+---------------------+-----------------+------------------+-------------------+-----------------+-----------------------------------+ -- cgit v1.2.3