ocserv trying to assign IP address 255.255.255.254 to tun device causes authentication failed

Nikos Mavrogiannopoulos n.mavrogiannopoulos at gmail.com
Tue Jan 17 07:47:10 PST 2017


On Tue, Jan 17, 2017 at 3:48 PM, syouwa <syouwa at gmail.com> wrote:
> Freeradius is my authentication method, I found that ocserv trying to assign
> IP address 255.255.255.254 to tun device and seems that caused
> authentication fail, 255.255.255.254 is the value of Framed-IP-Address
> attribute defined in radgoupreply table, is this a bug?
>
> ...
> ocserv[6517]: radius-auth: opening session
> QEZrDavGuU+alu9EEOX7WGVCXl/kRtD0iD9rZAPEGY8=
> ocserv[6517]: sec-mod: initiating session for user 'syouwa at gmail.com'
> (session: QEZrDa)
> ocserv[6516]: main[syouwa at gmail.com]: 111.202.52.130:50127 new user session
> ocserv[6516]: main[syouwa at gmail.com]: 111.202.52.130:50127 assigned IPv4:
> 255.255.255.254
> ocserv[6516]: main[syouwa at gmail.com]: 111.202.52.130:50127 assigning tun
> device vpns0
> ocserv[6516]: main: tun.c:386: vpns0: Error setting DST IPv4: Invalid
> argument
> ocserv[6516]: main[syouwa at gmail.com]: 111.202.52.130:50127 failed
> authentication attempt for user 'syouwa at gmail.com'

Looks easy to fix. Can you try the patch at:
https://gitlab.com/ocserv/ocserv/merge_requests/35

Alternatively, you can configure the server not to send the Frame-IP-Address.

regards,
Nikos



More information about the openconnect-devel mailing list