Connection ID issue using anyconnect client
Nikos Mavrogiannopoulos
n.mavrogiannopoulos at gmail.com
Tue Sep 27 00:10:47 PDT 2016
On Sun, Sep 25, 2016 at 5:50 PM, Martin Oehler <martin.oehler at gmx.net> wrote:
> Hi list,
>
> I' using ocserv (current 0.11.5) with radius accounting (radcli).
> If I connect to the server with the openconnect client, the ID that
> is passed to the connect script is equal to the nasportid that is
> passed to the radius server. This is fine since it allows to easily
> identify connections on both sides.
> However, when the Cisco Anyconnect client connects, e.g. the version
> currently available on iOS, these IDs do not match but interestingly
> they are quite similar.
Hi,
You are right. The anyconnect client gets initially handled by a
different process than the one finally gets to handle it. The
openconnect on the other hand uses a single process throughout its
lifetime thus it is reported correctly. What we can do for the former
client is to update the reported nas-port on the subsequent accounting
messages:
Could you try out the following branch and check whether it addresses
the nas-port issue?
https://gitlab.com/ocserv/ocserv/merge_requests/13
regards,
Nikos
More information about the openconnect-devel
mailing list