
Currently, for one of the companies, I am using an ASA 5505 as a VPN server with freeradius (mysql module) as an authentication backend.

User authentication is based on the group password, user password and IP address. My database entries look like this:

+-----+----------+--------------------+----+----------------------------------+
| id  | username | attribute          | op | value                            |
+-----+----------+--------------------+----+----------------------------------+
| 103 | user1    | MD5-Password       | := | 2ed4b197300dfee19315bd8d228c936e |
| 104 | user1    | Calling-Station-Id | == | IP_ADDRESS                       |
+-----+----------+--------------------+----+----------------------------------+

Everything works fine, so user1 can connect to the VPN if he/she has the right passwords (group + single user) and the right IP_ADDRESS. However, I am having difficulty finding a way to whitelist more than one IP address for a single user.

So basically I would like to know how to add multiple IP addresses to a single user. I don't want to add a new username for the same user, just due to an extra IP.

golja

1 Answer


I have zero experience here, but a quick Google search led me to this page: http://wiki.freeradius.org/config/Operators. Instead of using the == for an exact match you might be able to use the regex operator =~? Take a look at the other operators as well. Perhaps there is something else?

Zoredache
  • Hey @Zoredache tnx for the hint. I was already exploring the regex option, but if possible I would like to get a more "clean" solution so the other staff will find it easier to maintain. – golja Jan 29 '13 at 02:40
  • I also have not used this product, but with regex, adding additional IPs should be pretty "clean". Can you not just do (IP1)|(IP2)|(IP3), etc? So the other staff just keeps appending |(IPnew) to the value. The pipe is an or. – sjw Feb 08 '13 at 17:28
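
An added example, not part of the original answer or comments: a small Python helper that builds the value for a `Calling-Station-Id` row with op `=~` from a list of allowed addresses, and shows why the pattern should be anchored with its dots made literal. The function names and sample addresses are constructed for illustration, and Python's `re.search` is assumed to behave like the unanchored `=~` match for these simple patterns.

```python
import ipaddress
import re

def build_calling_station_regex(ips):
    """Return an anchored alternation matching exactly the given IPv4 addresses."""
    parts = []
    for ip in ips:
        addr = ipaddress.IPv4Address(ip)  # raises ValueError on typos such as 10.0.0.256
        # [.] is a literal dot in both POSIX ERE and PCRE and needs no backslash,
        # so the value survives SQL string quoting unchanged.
        parts.append(str(addr).replace(".", "[.]"))
    return "^(" + "|".join(parts) + ")$"

def naive_regex(ips):
    """The (IP1)|(IP2) form: unanchored, with each dot matching any character."""
    return "|".join("(" + ip + ")" for ip in ips)

def allowed(pattern, calling_station_id):
    # Assumption: =~ is an unanchored regex search, which re.search mimics.
    return re.search(pattern, calling_station_id) is not None

# Constructed sample addresses from the RFC 5737 documentation ranges.
ALLOWED_IPS = ["192.0.2.10", "198.51.100.7"]

if __name__ == "__main__":
    strict = build_calling_station_regex(ALLOWED_IPS)
    loose = naive_regex(ALLOWED_IPS)
    print("value for the Calling-Station-Id row (op =~):", strict)
    # 192.0.2.100 and 198.51.100.70 are not on the list, but the naive
    # pattern accepts them because it matches a prefix of the address.
    for candidate in ["192.0.2.10", "192.0.2.100", "198.51.100.70", "203.0.113.5"]:
        print(candidate,
              "strict:", allowed(strict, candidate),
              "naive:", allowed(loose, candidate))
```

Staff adding an address then only edit the list and paste the generated value, rather than hand-editing the regex.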