ocserv trying to assign IP address 255.255.255.254 to tun device causes authentication failed
syouwa
syouwa at gmail.com
Tue Jan 17 06:48:05 PST 2017
Freeradius is my authentication method, I found that ocserv trying to
assign IP address 255.255.255.254 to tun device and seems that caused
authentication fail, 255.255.255.254 is the value of Framed-IP-Address
attribute defined in radgoupreply table, is this a bug?
...
ocserv[6517]: radius-auth: opening session
QEZrDavGuU+alu9EEOX7WGVCXl/kRtD0iD9rZAPEGY8=
ocserv[6517]: sec-mod: initiating session for user 'syouwa at gmail.com'
(session: QEZrDa)
ocserv[6516]: main[syouwa at gmail.com]: 111.202.52.130:50127 new user session
ocserv[6516]: main[syouwa at gmail.com]: 111.202.52.130:50127 assigned
IPv4: 255.255.255.254
ocserv[6516]: main[syouwa at gmail.com]: 111.202.52.130:50127 assigning tun
device vpns0
ocserv[6516]: main: tun.c:386: vpns0: Error setting DST IPv4: Invalid
argument
ocserv[6516]: main[syouwa at gmail.com]: 111.202.52.130:50127 failed
authentication attempt for user 'syouwa at gmail.com'
...
From rfc2865 Framed-IP-Address definition
...
Address
The Address field is four octets. The value 0xFFFFFFFF indicates
that the NAS Should allow the user to select an address (e.g.
Negotiated). The value 0xFFFFFFFE indicates that the NAS should
select an address for the user (e.g. Assigned from a pool of
addresses kept by the NAS). Other valid values indicate that the
NAS should use that value as the user's IP address.
...
Thanks,
David
More information about the openconnect-devel
mailing list