External RADIUS / Cisco-AVPair / clientip

mmercier

Hello,

I have OpenVPN configured on pfSense Plus 22.01-RELEASE (amd64). I am attempting to add user inbound firewall rules following the instructions here:

https://docs.netgate.com/pfsense/en/latest/vpn/openvpn/client-parameters-radius.html

I am not using the built-in pfSense RADIUS server, I have installed a standalone Freeradius server. I have the following entry in the RADUIS server for the user:

Cisco-AVPair = "ip:inacl#1=permit tcp {clientip} host 192.168.144.1 eq 443",

I see the following error when the user connects to OpenVPN:

Mar 3 09:03:56 vpn openvpn[66530]: Error parsing rule permit tcp {clientip} host 192.168.144.1 eq 443: Invalid source network '{clientip}'.

I have seen this:

https://redmine.pfsense.org/issues/11561

but it was supposed to be fixed in 2.5.1. Anyone else experiencing this issue?

mmercier

So, I figured it out. I was missing the 'host' keyword before {clientip}.

Cisco-AVPair = "ip:inacl#1=permit tcp host {clientip} host 192.168.144.1 eq 443"

rupocinski

@mmercier can you please give me the step by step to get openvpn on the 22.01 release, been trying to configure it and it won’t start. Went by all documentation twice every time and nothing, is there another documentation on configuration for 22.01 release, please and thank you.