diff options
Diffstat (limited to 'data')
| -rw-r--r-- | data/templates/ocserv/ocserv_config.j2 | 4 | ||||
| -rw-r--r-- | data/templates/ocserv/radius_conf.j2 | 42 |
2 files changed, 34 insertions, 12 deletions
diff --git a/data/templates/ocserv/ocserv_config.j2 b/data/templates/ocserv/ocserv_config.j2 index 3194354e6..aa8897703 100644 --- a/data/templates/ocserv/ocserv_config.j2 +++ b/data/templates/ocserv/ocserv_config.j2 @@ -10,6 +10,10 @@ udp-port = {{ listen_ports.udp }} run-as-user = nobody run-as-group = daemon +{% if "radius" in accounting.mode %} +acct = "radius [config=/run/ocserv/radiusclient.conf]" +{% endif %} + {% if "radius" in authentication.mode %} auth = "radius [config=/run/ocserv/radiusclient.conf{{ ',groupconfig=true' if authentication.radius.groupconfig is vyos_defined else '' }}]" {% elif "local" in authentication.mode %} diff --git a/data/templates/ocserv/radius_conf.j2 b/data/templates/ocserv/radius_conf.j2 index b6612fee5..65548e3ad 100644 --- a/data/templates/ocserv/radius_conf.j2 +++ b/data/templates/ocserv/radius_conf.j2 @@ -1,20 +1,38 @@ ### generated by vpn_openconnect.py ### nas-identifier VyOS -{% for srv in server %} -{% if not "disable" in server[srv] %} -{% if "port" in server[srv] %} -authserver {{ srv }}:{{ server[srv]["port"] }} -{% else %} -authserver {{ srv }} + +#### Accounting +{% if "radius" in accounting['mode'] %} +{% for acctsrv in accounting['radius']['server'] %} +{% if not "disable" in accounting['radius']['server'][acctsrv] %} +{% if "port" in accounting['radius']['server'][acctsrv] %} +acctserver {{ acctsrv }}:{{ accounting['radius']['server'][acctsrv]['port'] }} +{% else %} +acctserver {{ acctsrv }} +{% endif %} {% endif %} -{% endif %} -{% endfor %} -radius_timeout {{ timeout }} -{% if source_address %} -bindaddr {{ source_address }} -{% else %} +{% endfor %} +{% endif %} + +#### Authentication +{% if "radius" in authentication['mode'] %} +{% for authsrv in authentication['radius']['server'] %} +{% if not "disable" in authentication['radius']['server'][authsrv] %} +{% if "port" in authentication['radius']['server'][authsrv] %} +authserver {{ authsrv }}:{{ authentication['radius']['server'][authsrv]['port'] }} +{% else %} +authserver {{ authsrv }} +{% endif %} +{% endif %} +{% endfor %} +radius_timeout {{ authentication['radius']['timeout'] }} +{% if source_address %} +bindaddr {{ authentication['radius']['source_address'] }} +{% else %} bindaddr * +{% endif %} {% endif %} + servers /run/ocserv/radius_servers dictionary /etc/radcli/dictionary default_realm |