1st post…
I am new to PI and am VERY impressed, what a great solution, well done.
We run a multi-tenant network with each client having a dedicated VLAN.
We run OVPN on pfSense and to date have used the pfSense Radius package. This allowed us to assign IP addresses with VPN users and then use firewall rules to restrict users to their VLAN.
I have configured PI with FreeRadius and now have users authenticating using their LDAP UID and htop. This works well.
I need to be able to identify users in pfSense so I can restrict, using FW rules, which VLAN they can access.
Is there a way in PI to associate a realm with a VLAN and have this passed back to pfSense for use in FW rules?
Thanks in advance.
I have now created an extended attribute in my LDAP schema called vpnStaticIP and created an attribute mapping in my LDAP resolver. This works.
I believe the only missing piece is to now return this IP address to pfSense as “Framed-IP-Address”; however, I have no idea how to achieve this.
A similar question was asked and answered here but I do not know what to do:
the problem that I face with it is how can I assign a static IP address to authenticated users through 2FA?
In my scenario, IP Addresses are assigned to domain users via Dial-in tab > Static IP Address.
Through radius authentication should map domain ‘msradiusframedipaddress’ attribute to radius ‘Framed-IP-Address’ and then assign it to authenticated users, but the problem is Microsoft stores IP Address (Dial-in tab > Static IP Address) in decimal and it must be converted to IPv4 dot-formatted …
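The decimal-to-dotted conversion mentioned in the quoted question, as an added example that is not part of the original thread or of privacyIDEA's code. It assumes the directory value is a 32-bit integer that may be stored signed, and it also checks the result against a per-realm tenant subnet before it would be returned as Framed-IP-Address; the realm names, subnets and function names are hypothetical.

```python
import ipaddress

# Hypothetical realm-to-subnet map (constructed sample values, not from the post).
TENANT_SUBNETS = {
    "tenant-a": ipaddress.ip_network("10.8.10.0/24"),
    "tenant-b": ipaddress.ip_network("192.168.20.0/24"),
}


def decimal_to_ipv4(value):
    """Convert a directory integer (str or int) to an IPv4Address.

    Assumption: the attribute is a signed 32-bit integer, so addresses at or
    above 128.0.0.0 arrive as negative numbers and are folded back with a mask.
    """
    n = int(value)
    if not -(2**31) <= n < 2**32:
        raise ValueError(f"not a 32-bit value: {value!r}")
    return ipaddress.IPv4Address(n & 0xFFFFFFFF)


def framed_ip_for(realm, raw_value):
    """Return the dotted-quad string for Framed-IP-Address.

    Raises instead of returning an address outside the realm's subnet, so a
    wrong directory entry cannot place a user in another tenant's VLAN.
    """
    subnet = TENANT_SUBNETS.get(realm)
    if subnet is None:
        raise LookupError(f"no subnet configured for realm {realm!r}")
    addr = decimal_to_ipv4(raw_value)
    reserved = (subnet.network_address, subnet.broadcast_address)
    if addr not in subnet or addr in reserved:
        raise ValueError(f"{addr} is not a usable host address in {subnet}")
    return str(addr)


if __name__ == "__main__":
    # Constructed sample values: one positive, one stored as a negative integer.
    print(framed_ip_for("tenant-a", "168299033"))
    print(framed_ip_for("tenant-b", "-1062726649"))
```
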