mirror of
https://github.com/SoftEtherVPN/SoftEtherVPN.git
synced 2024-11-26 11:29:53 +03:00
Add the possibility to send the Virtual Hub Name to a RADIUS server as NAS-Identifier
This commit is contained in:
parent
7e00268084
commit
7772ee119e
@ -602,6 +602,7 @@ void DataToHubOptionStruct(HUB_OPTION *o, RPC_ADMIN_OPTION *ao)
|
|||||||
GetHubAdminOptionDataAndSet(ao, "DetectDormantSessionInterval", &o->DetectDormantSessionInterval);
|
GetHubAdminOptionDataAndSet(ao, "DetectDormantSessionInterval", &o->DetectDormantSessionInterval);
|
||||||
GetHubAdminOptionDataAndSet(ao, "NoPhysicalIPOnPacketLog", &o->NoPhysicalIPOnPacketLog);
|
GetHubAdminOptionDataAndSet(ao, "NoPhysicalIPOnPacketLog", &o->NoPhysicalIPOnPacketLog);
|
||||||
GetHubAdminOptionDataAndSet(ao, "UseHubNameAsDhcpUserClassOption", &o->UseHubNameAsDhcpUserClassOption);
|
GetHubAdminOptionDataAndSet(ao, "UseHubNameAsDhcpUserClassOption", &o->UseHubNameAsDhcpUserClassOption);
|
||||||
|
GetHubAdminOptionDataAndSet(ao, "UseHubNameAsRadiusNasId", &o->UseHubNameAsRadiusNasId);
|
||||||
}
|
}
|
||||||
|
|
||||||
// Convert the contents of the HUB_OPTION to data
|
// Convert the contents of the HUB_OPTION to data
|
||||||
@ -672,6 +673,7 @@ void HubOptionStructToData(RPC_ADMIN_OPTION *ao, HUB_OPTION *o, char *hub_name)
|
|||||||
Add(aol, NewAdminOption("DetectDormantSessionInterval", o->DetectDormantSessionInterval));
|
Add(aol, NewAdminOption("DetectDormantSessionInterval", o->DetectDormantSessionInterval));
|
||||||
Add(aol, NewAdminOption("NoPhysicalIPOnPacketLog", o->NoPhysicalIPOnPacketLog));
|
Add(aol, NewAdminOption("NoPhysicalIPOnPacketLog", o->NoPhysicalIPOnPacketLog));
|
||||||
Add(aol, NewAdminOption("UseHubNameAsDhcpUserClassOption", o->UseHubNameAsDhcpUserClassOption));
|
Add(aol, NewAdminOption("UseHubNameAsDhcpUserClassOption", o->UseHubNameAsDhcpUserClassOption));
|
||||||
|
Add(aol, NewAdminOption("UseHubNameAsRadiusNasId", o->UseHubNameAsRadiusNasId));
|
||||||
|
|
||||||
Zero(ao, sizeof(RPC_ADMIN_OPTION));
|
Zero(ao, sizeof(RPC_ADMIN_OPTION));
|
||||||
|
|
||||||
|
@ -280,6 +280,7 @@ struct HUB_OPTION
|
|||||||
UINT DetectDormantSessionInterval; // Interval (seconds) threshold to detect a dormant VPN session
|
UINT DetectDormantSessionInterval; // Interval (seconds) threshold to detect a dormant VPN session
|
||||||
bool NoPhysicalIPOnPacketLog; // Disable saving physical IP address on the packet log
|
bool NoPhysicalIPOnPacketLog; // Disable saving physical IP address on the packet log
|
||||||
bool UseHubNameAsDhcpUserClassOption; // Add HubName to DHCP request as User-Class option
|
bool UseHubNameAsDhcpUserClassOption; // Add HubName to DHCP request as User-Class option
|
||||||
|
bool UseHubNameAsRadiusNasId; // Add HubName to Radius request as NAS-Identifier attrioption
|
||||||
};
|
};
|
||||||
|
|
||||||
// MAC table entry
|
// MAC table entry
|
||||||
|
@ -1653,6 +1653,10 @@ bool ServerAccept(CONNECTION *c)
|
|||||||
if (hub->Option != NULL)
|
if (hub->Option != NULL)
|
||||||
{
|
{
|
||||||
radius_login_opt.In_CheckVLanId = hub->Option->AssignVLanIdByRadiusAttribute;
|
radius_login_opt.In_CheckVLanId = hub->Option->AssignVLanIdByRadiusAttribute;
|
||||||
|
if (hub->Option->UseHubNameAsRadiusNasId == true)
|
||||||
|
{
|
||||||
|
StrCpy(radius_login_opt.NasId, sizeof(radius_login_opt.NasId), hubname);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Get the various flags
|
// Get the various flags
|
||||||
|
@ -212,7 +212,16 @@ bool RadiusLogin(CONNECTION *c, char *server, UINT port, UCHAR *secret, UINT sec
|
|||||||
{
|
{
|
||||||
// Generate a password packet
|
// Generate a password packet
|
||||||
BUF *user_password = (is_mschap ? NULL : RadiusCreateUserPassword(encrypted_password->Buf, encrypted_password->Size));
|
BUF *user_password = (is_mschap ? NULL : RadiusCreateUserPassword(encrypted_password->Buf, encrypted_password->Size));
|
||||||
BUF *nas_id = RadiusCreateNasId(CEDAR_SERVER_STR);
|
BUF *nas_id;
|
||||||
|
|
||||||
|
if (IsEmptyStr(opt->NasId) == true)
|
||||||
|
{
|
||||||
|
nas_id = RadiusCreateNasId(CEDAR_SERVER_STR);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
nas_id = RadiusCreateNasId(opt->NasId);
|
||||||
|
}
|
||||||
|
|
||||||
if (is_mschap || user_password != NULL)
|
if (is_mschap || user_password != NULL)
|
||||||
{
|
{
|
||||||
|
@ -121,11 +121,13 @@
|
|||||||
|
|
||||||
// RADIUS attributes
|
// RADIUS attributes
|
||||||
#define RADIUS_ATTRIBUTE_VLAN_ID 81
|
#define RADIUS_ATTRIBUTE_VLAN_ID 81
|
||||||
|
#define RADIUS_MAX_NAS_ID_LEN 253
|
||||||
|
|
||||||
struct RADIUS_LOGIN_OPTION
|
struct RADIUS_LOGIN_OPTION
|
||||||
{
|
{
|
||||||
bool In_CheckVLanId;
|
bool In_CheckVLanId;
|
||||||
UINT Out_VLanId;
|
UINT Out_VLanId;
|
||||||
|
char NasId[RADIUS_MAX_NAS_ID_LEN + 1]; // NAS-Identifier
|
||||||
};
|
};
|
||||||
|
|
||||||
// Function prototype
|
// Function prototype
|
||||||
|
@ -4107,6 +4107,7 @@ void SiLoadHubOptionCfg(FOLDER *f, HUB_OPTION *o)
|
|||||||
o->DetectDormantSessionInterval = CfgGetInt(f, "DetectDormantSessionInterval");
|
o->DetectDormantSessionInterval = CfgGetInt(f, "DetectDormantSessionInterval");
|
||||||
o->NoPhysicalIPOnPacketLog = CfgGetBool(f, "NoPhysicalIPOnPacketLog");
|
o->NoPhysicalIPOnPacketLog = CfgGetBool(f, "NoPhysicalIPOnPacketLog");
|
||||||
o->UseHubNameAsDhcpUserClassOption = CfgGetBool(f, "UseHubNameAsDhcpUserClassOption");
|
o->UseHubNameAsDhcpUserClassOption = CfgGetBool(f, "UseHubNameAsDhcpUserClassOption");
|
||||||
|
o->UseHubNameAsRadiusNasId = CfgGetBool(f, "UseHubNameAsRadiusNasId");
|
||||||
|
|
||||||
// Enabled by default
|
// Enabled by default
|
||||||
if (CfgIsItem(f, "ManageOnlyPrivateIP"))
|
if (CfgIsItem(f, "ManageOnlyPrivateIP"))
|
||||||
@ -4206,6 +4207,7 @@ void SiWriteHubOptionCfg(FOLDER *f, HUB_OPTION *o)
|
|||||||
CfgAddBool(f, "DisableCheckMacOnLocalBridge", o->DisableCheckMacOnLocalBridge);
|
CfgAddBool(f, "DisableCheckMacOnLocalBridge", o->DisableCheckMacOnLocalBridge);
|
||||||
CfgAddBool(f, "DisableCorrectIpOffloadChecksum", o->DisableCorrectIpOffloadChecksum);
|
CfgAddBool(f, "DisableCorrectIpOffloadChecksum", o->DisableCorrectIpOffloadChecksum);
|
||||||
CfgAddBool(f, "UseHubNameAsDhcpUserClassOption", o->UseHubNameAsDhcpUserClassOption);
|
CfgAddBool(f, "UseHubNameAsDhcpUserClassOption", o->UseHubNameAsDhcpUserClassOption);
|
||||||
|
CfgAddBool(f, "UseHubNameAsRadiusNasId", o->UseHubNameAsRadiusNasId);
|
||||||
}
|
}
|
||||||
|
|
||||||
// Write the user
|
// Write the user
|
||||||
@ -7533,6 +7535,7 @@ void SiCalledUpdateHub(SERVER *s, PACK *p)
|
|||||||
o.DisableCheckMacOnLocalBridge = PackGetBool(p, "DisableCheckMacOnLocalBridge");
|
o.DisableCheckMacOnLocalBridge = PackGetBool(p, "DisableCheckMacOnLocalBridge");
|
||||||
o.DisableCorrectIpOffloadChecksum = PackGetBool(p, "DisableCorrectIpOffloadChecksum");
|
o.DisableCorrectIpOffloadChecksum = PackGetBool(p, "DisableCorrectIpOffloadChecksum");
|
||||||
o.UseHubNameAsDhcpUserClassOption = PackGetBool(p, "UseHubNameAsDhcpUserClassOption");
|
o.UseHubNameAsDhcpUserClassOption = PackGetBool(p, "UseHubNameAsDhcpUserClassOption");
|
||||||
|
o.UseHubNameAsRadiusNasId = PackGetBool(p, "UseHubNameAsRadiusNasId");
|
||||||
|
|
||||||
save_packet_log = PackGetInt(p, "SavePacketLog");
|
save_packet_log = PackGetInt(p, "SavePacketLog");
|
||||||
packet_log_switch_type = PackGetInt(p, "PacketLogSwitchType");
|
packet_log_switch_type = PackGetInt(p, "PacketLogSwitchType");
|
||||||
@ -9384,6 +9387,7 @@ void SiPackAddCreateHub(PACK *p, HUB *h)
|
|||||||
PackAddData(p, "HashedPassword", h->HashedPassword, SHA1_SIZE);
|
PackAddData(p, "HashedPassword", h->HashedPassword, SHA1_SIZE);
|
||||||
PackAddData(p, "SecurePassword", h->SecurePassword, SHA1_SIZE);
|
PackAddData(p, "SecurePassword", h->SecurePassword, SHA1_SIZE);
|
||||||
PackAddBool(p, "UseHubNameAsDhcpUserClassOption", h->Option->UseHubNameAsDhcpUserClassOption);
|
PackAddBool(p, "UseHubNameAsDhcpUserClassOption", h->Option->UseHubNameAsDhcpUserClassOption);
|
||||||
|
PackAddBool(p, "UseHubNameAsRadiusNasId", h->Option->UseHubNameAsRadiusNasId);
|
||||||
|
|
||||||
SiAccessListToPack(p, h->AccessList);
|
SiAccessListToPack(p, h->AccessList);
|
||||||
|
|
||||||
|
@ -557,6 +557,7 @@ HUB_AO_SecureNAT_RandomizeAssignIp If you set this option to non-zero value, t
|
|||||||
HUB_AO_DetectDormantSessionInterval If you set this option to non-zero value, then the Virtual Hub will treat the VPN sessions, which have transmitted no packets for the last specified intervals (in seconds), as Dormant Sessions. The Virtual Hub will not flood packets, which should be flood, to any Dormant Sessions.
|
HUB_AO_DetectDormantSessionInterval If you set this option to non-zero value, then the Virtual Hub will treat the VPN sessions, which have transmitted no packets for the last specified intervals (in seconds), as Dormant Sessions. The Virtual Hub will not flood packets, which should be flood, to any Dormant Sessions.
|
||||||
HUB_AO_NoPhysicalIPOnPacketLog If you set this option to non-zero value, then the physical IP addresses of VPN clients of either the source VPN session or the destination VPN session will not be recorded on the packet log file.
|
HUB_AO_NoPhysicalIPOnPacketLog If you set this option to non-zero value, then the physical IP addresses of VPN clients of either the source VPN session or the destination VPN session will not be recorded on the packet log file.
|
||||||
HUB_AO_UseHubNameAsDhcpUserClassOption If you set this option to non-zero value, then the Virtual Hub Name will be added to a DHCP request to an external DHCP server as the "User-Class" option. This allows to use separate pools of IP addresses for each Virtual Hub.
|
HUB_AO_UseHubNameAsDhcpUserClassOption If you set this option to non-zero value, then the Virtual Hub Name will be added to a DHCP request to an external DHCP server as the "User-Class" option. This allows to use separate pools of IP addresses for each Virtual Hub.
|
||||||
|
HUB_AO_UseHubNameAsRadiusNasId If you set this option to non-zero value, then the NAS-Identidier RADIUS attribute will be set to a name of the Virtual Hub. This allows to determine on Radius server whether access to the Virtual Hub should be granted or denied.
|
||||||
|
|
||||||
|
|
||||||
# Concerning failed connection dialogs
|
# Concerning failed connection dialogs
|
||||||
|
Loading…
Reference in New Issue
Block a user