I'm trying to bring up an OpenVPN service that authenticates users via Radius. The Radius server is made by me so I can play with the code and understand the internals better.
Upon a successful login, I receive accounting data from the OpenVPN server. By saving these sessions I can then count the number of open sessions each user has, because I want to deny them the opportunity to log in multiple times. I could impose it in the OpenVPN server config, but I might add some other servers in the future and I want to do it from the Radius side, if possible.
My problem is on the Radius side: once I detect multiple logins, what do I do?
I could try to access the management console of OpenVPN from my radius code but...there's got to be a better way.
I also tried setting Session-Timeout in the Access-Accept reply message to something lower in order to force them to authenticate more often and do my checks there, but that setting seems to have no effect on the radius plugin used by OpenVPN:
NAS-Identifier=openvpn_udp
Service-Type=5
Framed-Protocol=1
NAS-Port-Type=5
NAS-IP-Address=10.50.0.14
OpenVPNConfig=/etc/openvpn/server.conf
overwriteccfiles=true
nonfatalaccounting=false
server
{
    acctport=1813
    authport=1812
    name=10.50.0.13
    retry=1
    wait=1
    sharedsecret=testing123
}
Any ideas on how to do this better?
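
The per-user session counting described in the post, as an added example (not the poster's code and not part of the original post): open sessions are built from accounting Start/Stop packets and checked when an Access-Request arrives. The `SessionTable` class, its method names, the `stale_after` expiry and the sample packets are assumptions made for illustration; sessions are keyed by NAS-Identifier so that more than one OpenVPN server can report to the same table.

```python
import time

ACCT_START, ACCT_STOP, ACCT_INTERIM = 1, 2, 3   # Acct-Status-Type values (RFC 2866)

class SessionTable:
    """Open sessions per user, built from accounting packets (hypothetical helper)."""

    def __init__(self, max_sessions=1, stale_after=None):
        self.max_sessions = max_sessions
        # Assumption: set stale_after (seconds) only if the NAS sends Interim-Updates
        # more often than that; None disables expiry.
        self.stale_after = stale_after
        self.sessions = {}   # (NAS-Identifier, Acct-Session-Id) -> (user, last_seen)

    def on_accounting(self, attrs, now=None):
        now = time.time() if now is None else now
        key = (attrs["NAS-Identifier"], attrs["Acct-Session-Id"])
        if attrs["Acct-Status-Type"] in (ACCT_START, ACCT_INTERIM):
            self.sessions[key] = (attrs["User-Name"], now)
        elif attrs["Acct-Status-Type"] == ACCT_STOP:
            self.sessions.pop(key, None)   # a duplicate or late Stop is harmless

    def open_count(self, user, now=None):
        now = time.time() if now is None else now
        if self.stale_after is not None:
            # Drop sessions whose Stop never arrived (NAS crash, lost UDP packet).
            self.sessions = {k: v for k, v in self.sessions.items()
                             if now - v[1] <= self.stale_after}
        return sum(1 for u, _ in self.sessions.values() if u == user)

    def decide(self, user, now=None):
        """Reply for an Access-Request whose credentials have already been verified."""
        over = self.open_count(user, now) >= self.max_sessions
        return "Access-Reject" if over else "Access-Accept"

def demo():
    """Constructed packets: alice logs in, retries while connected, then disconnects."""
    t = SessionTable(max_sessions=1, stale_after=600)
    pkt = {"NAS-Identifier": "openvpn_udp", "User-Name": "alice", "Acct-Session-Id": "s1"}
    out = [t.decide("alice", now=0)]
    t.on_accounting({**pkt, "Acct-Status-Type": ACCT_START}, now=0)
    out.append(t.decide("alice", now=60))
    t.on_accounting({**pkt, "Acct-Status-Type": ACCT_STOP}, now=120)
    out.append(t.decide("alice", now=130))
    return out

if __name__ == "__main__":
    print(demo())
```
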