Netgate Discussion Forum

    Can OpenVPN send "Calling-Station-ID" attribute to RADIUS as client IP?

      bitscrubber

      Hi All! I'm on pfSense 2.7.2-RELEASE.

      So it looks like the OpenVPN server on pfSense sends "Calling-Station-ID" as the pfSense Interface IP, or at least the "RADIUS NAS IP Attribute" maybe? But I need Calling-Station-ID to be set as the end user client IP in order for Duo to properly filter connections. I see this code snippet in "/etc/inc/openvpn.auth-user.php":

      $attributes = array("nas_identifier" => "openVPN",
      "nas_port_type" => RADIUS_VIRTUAL,
      "nas_port" => $_GET['nas_port'],
      "calling_station_id" => get_interface_ip() . ":" . $_GET['nas_port']);

      I think I need "calling_station_ip" to instead be set to something like "get_client_ip()" (that's just a wild guess) or something, but I don't really know... I saw this post which kind of talks about what I want:

      https://redmine.pfsense.org/issues/8087

      Does anyone know if there is a way to somehow pass "calling_station_id" as the user's real internet IP? Or is there some other attribute passed that contains that information? I can tell my RADIUS server to capture any relevant attribute and translate it to calling_station_id, if it's another one that it uses...?

      Thanks for any insight!

        bitscrubber

        I see the remote user connection IP is recorded somewhere; I see it when I click on "Status" -> "OpenVPN", where it shows the table of connected users, and it shows their remote IP there.

        I see this in "/usr/local/www/status_openvpn.php":

        <td><?=$conn['remote_host'];?></td>
        

        Looks like that line builds the table data for the remote user's IP address (and port) and displays it in the OpenVPN status table. Is there a way to get that same data (remote user's IP) into "/etc/inc/openvpn.auth-user.php"? My familiarity with the code isn't so great so I'm having a hard time tracing back how this data is discovered, but it seems like there can be a way....?

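An added example, not part of the original posts and not pfSense's own code: one way to build the attribute array quoted in the first post with calling_station_id set to a validated client address, falling back to the interface value when no usable address is supplied. It assumes the caller can obtain the peer address that OpenVPN exposes to auth-user-pass-verify scripts as the environment variables untrusted_ip or untrusted_ip6; build_radius_attributes() and calling_station_id_for_client() are hypothetical names, and how that value would reach openvpn.auth-user.php on pfSense is not shown on this page.

```php
<?php
// Added example, not pfSense code. Assumption: the caller has already
// obtained the peer address that OpenVPN exposes to auth-user-pass-verify
// scripts as the environment variables untrusted_ip / untrusted_ip6.

if (!defined('RADIUS_VIRTUAL')) {
    define('RADIUS_VIRTUAL', 5); // NAS-Port-Type "Virtual" (RFC 2865)
}

/**
 * Hypothetical helper: return the Calling-Station-Id value for the client,
 * or $fallback when the supplied address is missing or malformed.
 */
function calling_station_id_for_client($raw_ip, $fallback)
{
    $ip = trim((string) $raw_ip);
    // Accept only a literal IPv4/IPv6 address so that nothing else
    // (CR/LF, ports, hostnames) ends up in the RADIUS attribute.
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        return $fallback;
    }
    // Normalise the text form so the RADIUS server sees one spelling
    // per address (matters for IPv6 allow/deny lists).
    return inet_ntop(inet_pton($ip));
}

/** Hypothetical helper mirroring the array layout quoted in the first post. */
function build_radius_attributes($raw_ip, $nas_port, $interface_ip)
{
    // Same value the quoted snippet sends today; used only as a fallback.
    $fallback = $interface_ip . ':' . $nas_port;
    return array(
        'nas_identifier'     => 'openVPN',
        'nas_port_type'      => RADIUS_VIRTUAL,
        'nas_port'           => $nas_port,
        'calling_station_id' => calling_station_id_for_client($raw_ip, $fallback),
    );
}

// Constructed sample inputs (documentation address ranges, not real clients).
$samples = array('203.0.113.45', '2001:DB8::0001', "203.0.113.45\r\nX: y", '');
foreach ($samples as $s) {
    $attrs = build_radius_attributes($s, '1194', '192.0.2.1');
    printf("%-24s -> %s\n", json_encode($s), $attrs['calling_station_id']);
}
```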
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.