Our firewall has a few VPN servers on different ports (single IP). The IP is reported correctly to FreeRADIUS and is then shown as the client in privacyIDEA. I can see that the client can be used in a policy, but I also need to use the port (FreeRADIUS shows it as NAS-port). Any way to use this in a privacyIDEA policy?
This is interesting but not directly possible.
Sending an arbitrary attribute (which would be the NAS-port) is not possible.
Hi,
are you able to send different NAS-IPs from the VPN-Servers? So you could use them as different clients.
Hi
I’m aware of that option, but some sites have a single IP.
As of version 3.12 there are the extended policy conditions RequestData.
You can match any parameter. So if you manage to send an arbitrary parameter like “nasport” to the /validate/check endpoint, you can use this in your policy condition.
However, you might need to adapt the RADIUS plugin, so that all arbitrary parameters are sent.