vyos/vyos-documentation
1
0
Fork 0
mirror of https://github.com/vyos/vyos-documentation.git synced 2025-10-26 08:41:46 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #934 from PeppyH/T4958-openconnect-radius-accounting

Browse Source 
T4958: ocserv: openconnect: document RADIUS accounting
This commit is contained in:
Robert Göhler 2023-01-30 14:49:23 +01:00 committed by GitHub
commit d61ed671c5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 31 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
docs/configuration/vpn/openconnect.rst
View File

@ -221,3 +221,34 @@ To display the configured OTP user settings, use the command:
.. code-block:: none
show openconnect-server user <username> otp <full|key-b32|key-hex|qrcode|uri>
Configuring RADIUS accounting
===========================
OpenConnect can be configured to send accounting information to a
RADIUS server to capture user session data such as time of
connect/disconnect, data transferred, and so on.
Configure an accounting server and enable accounting with:
.. code-block:: none
set vpn openconnect accounting mode radius
set vpn openconnect accounting radius server 172.20.20.10
set vpn openconnect accounting radius server 172.20.20.10 port 1813
set vpn openconnect accounting radius server 172.20.20.10 key your_radius_secret
.. warning:: The RADIUS accounting feature must be used with the OpenConnect
authentication mode RADIUS. It cannot be used with local authentication.
You must configure the OpenConnect authentication mode to "radius".
An example of the data captured by a FREERADIUS server with sql accounting:
.. code-block:: none
mysql> SELECT username, nasipaddress, acctstarttime, acctstoptime, acctinputoctets, acctoutputoctets, callingstationid, framedipaddress, connectinfo_start FROM radacct;
+----------+---------------+---------------------+---------------------+-----------------+------------------+-------------------+-----------------+-----------------------------------+
| username | nasipaddress | acctstarttime | acctstoptime | acctinputoctets | acctoutputoctets | callingstationid | framedipaddress | connectinfo_start |
+----------+---------------+---------------------+---------------------+-----------------+------------------+-------------------+-----------------+-----------------------------------+
| test | 198.51.100.15 | 2023-01-13 00:59:15 | 2023-01-13 00:59:21 | 10606 | 152 | 192.168.6.1 | 172.20.20.198 | Open AnyConnect VPN Agent v8.05-1 |
+----------+---------------+---------------------+---------------------+-----------------+------------------+-------------------+-----------------+-----------------------------------+