PFsense sends incorrect ifconfig cmd to client when static ip set in freeRadius
-
I set up an openvpn server using freeradius to manage logins. Everything works until I try to set a static ip for the user entry in freeradius.
With ip address set in freeradius:
openvpn[75186]: xxxx/32.217.213.30:55684 SENT CONTROL [xxxx]: 'PUSH_REPLY,route 10.11.0.0 255.255.0.0,route-gateway 10.23.0.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.23.1.103 10.23.1.104' (status=1)
without ip address set:
openvpn[75186]: xxxx/32.217.213.30:63619 SENT CONTROL [xxxx]: 'PUSH_REPLY,route 10.11.0.0 255.255.0.0,route-gateway 10.23.0.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.23.0.2 255.255.0.0' (status=1)
look at the last entry in the command "ipconfig". with the ip address set, the server sends the wrong netmask. of course this error results in a non-functional connection. and yes, the correct netmask is specified in the freeradius user settings
-
Well I seemed to solve my issue.
In the file https://github.com/pfsense/pfsense/blob/5240564c054781330437c1767d61114d33bf7bb8/src/etc/inc/openvpn.auth-user.php
The section that properly sends the correct ifconfig command has been commented out (line 190 - 197). I manually uncommented this section and now everything seems to work fine.
However, why was this part commented in the first place? ???
Looking at the git commit history, it's been like this since 2012. I guess it's just an oversight? If so, how do I get this corrected?
-
https://redmine.pfsense.org/issues/5129
https://github.com/pfsense/pfsense/pull/1894 -
awesome thanks!