author | Christian Breunig <christian@breunig.cc> | 2023-01-28 10:10:06 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-01-28 10:10:06 +0100 |
commit | 875bce2e79539b4ec3501fd75317ee2e1858edff (patch) | |
tree | 16ffe63b43b5a699e7816987c210fd12a1ff491b /data | |
parent | 248d4eda9304c34aaa9b2a8cd7a2b1c0bbbf91fe (diff) | |
parent | 9321e75d1edbffe10b6194062c6fad7cbf205e3e (diff) | |
Merge pull request #1787 from PeppyH/T4958-openconnect-radius-accounting
T4958: ocserv: openconnect: Add RADIUS accounting support
Diffstat (limited to 'data')
-rw-r--r-- | data/templates/ocserv/ocserv_config.j2 | 4 | ||||
-rw-r--r-- | data/templates/ocserv/radius_conf.j2 | 36 |
2 files changed, 29 insertions, 11 deletions
diff --git a/data/templates/ocserv/ocserv_config.j2 b/data/templates/ocserv/ocserv_config.j2 index 3194354e6..aa1073bca 100644 --- a/data/templates/ocserv/ocserv_config.j2 +++ b/data/templates/ocserv/ocserv_config.j2 @@ -10,6 +10,10 @@ udp-port = {{ listen_ports.udp }} run-as-user = nobody run-as-group = daemon +{% if accounting.mode.radius is vyos_defined %} +acct = "radius [config=/run/ocserv/radiusclient.conf]" +{% endif %} + {% if "radius" in authentication.mode %} auth = "radius [config=/run/ocserv/radiusclient.conf{{ ',groupconfig=true' if authentication.radius.groupconfig is vyos_defined else '' }}]" {% elif "local" in authentication.mode %} diff --git a/data/templates/ocserv/radius_conf.j2 b/data/templates/ocserv/radius_conf.j2 index b6612fee5..1ab322f69 100644 --- a/data/templates/ocserv/radius_conf.j2 +++ b/data/templates/ocserv/radius_conf.j2 
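Review bot: The new `acct` guard tests `accounting.mode.radius is vyos_defined`, while the `auth` branch directly below it still tests `"radius" in authentication.mode`; two spellings of the same kind of check in one template make it easy for one of them to drift if the shape of the config dict changes. Both directives also point at the same `/run/ocserv/radiusclient.conf`, so a comment above the new block such as `{# accounting shares radiusclient.conf with RADIUS authentication #}` would tell the next editor that a change to that file affects both paths. The `auth` if/elif chain continues outside the hunk.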
@@ -1,20 +1,34 @@ ### generated by vpn_openconnect.py ### nas-identifier VyOS -{% for srv in server %} -{% if not "disable" in server[srv] %} -{% if "port" in server[srv] %} -authserver {{ srv }}:{{ server[srv]["port"] }} + +#### Accounting +{% if accounting.mode.radius is vyos_defined %} +{% for acctsrv, srv_conf in accounting.radius.server.items() if 'disable' not in srv_conf %} +{% if srv_conf.port is vyos_defined %} +acctserver {{ acctsrv }}:{{ srv_conf.port }} {% else %} -authserver {{ srv }} +acctserver {{ acctsrv }} {% endif %} -{% endif %} -{% endfor %} -radius_timeout {{ timeout }} -{% if source_address %} -bindaddr {{ source_address }} -{% else %} +{% endfor %} +{% endif %} + +#### Authentication +{% if authentication.mode.radius is vyos_defined %} +{% for authsrv, srv_conf in authentication.radius.server.items() if 'disable' not in srv_conf %} +{% if srv_conf.port is vyos_defined %} +authserver {{ authsrv }}:{{ srv_conf.port }} +{% else %} +authserver {{ authsrv }} +{% endif %} +{% endfor %} +radius_timeout {{ authentication['radius']['timeout'] }} +{% if source_address %} +bindaddr {{ authentication['radius']['source_address'] }} +{% else %} bindaddr * +{% endif %} {% endif %} + servers /run/ocserv/radius_servers dictionary /etc/radcli/dictionary default_realm |
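Review bot: The `bindaddr` guard still tests the old top-level name, `{% if source_address %}`, although the value emitted on the next line is now `authentication['radius']['source_address']`. If the renderer no longer passes a top-level `source_address` (not visible here), that branch is never taken and every RADIUS request leaves with `bindaddr *`, which can fail the RADIUS server's client-address check or send authentication traffic out of an unintended interface. The guard should read `{% if authentication.radius.source_address is vyos_defined %}`. Separately, `radius_timeout` and `bindaddr` are now emitted only inside the `authentication.mode.radius` branch, so a setup with RADIUS accounting but local authentication gets neither; consider moving them outside that block.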