Hi,
it seems that source-address parameter does not work in openconnect configuration, despite that source address is set explicitly, system use it own address according to routing table.
accounting {
radius {
server 10.40.0.224 {
key xxxxxxxxxxxxxxxx
port 1813
}
}
}
authentication {
group RemoteAccess
mode {
radius
}
radius {
server 10.40.0.224 {
key xxxxxxxxxxxxxxxx
port 1812
}
source-address 10.40.73.50
timeout 15
}
}
listen-ports {
tcp 443
}
network-settings {
client-ip-settings {
subnet 10.172.1.0/24
}
name-server 10.40.28.20
split-dns anywhere.com
}
ssl {
ca-certificate ca2019
certificate zip50.2019
}
and this is tcpdump for authentication request:
zotov@zip70# sudo tcpdump -i any port 1812 -np
tcpdump: data link type LINUX_SLL2
tcpdump: verbose output suppressed, use -v[v]… for full protocol decode
listening on any, link-type LINUX_SLL2 (Linux cooked v2), snapshot length 262144 bytes
11:32:27.032621 tun002 Out IP 10.40.85.255.44654 > 10.40.0.224.1812: RADIUS, Access-Request (1), id: 0x03 length: 119
11:32:42.033767 tun002 Out IP 10.40.85.255.44654 > 10.40.0.224.1812: RADIUS, Access-Request (1), id: 0x03 length: 119
and this is generated configuration file /run/ocserv/radiusclient.conf:
generated by vpn_openconnect.py
nas-identifier VyOS
Accounting
Authentication
authserver 10.40.0.224:1812
radius_timeout 15
bindaddr *
servers /run/ocserv/radius_servers
dictionary /etc/radcli/dictionary
default_realm
radius_retries 3
vyos 1.4 built from git 20231130