Allowing multiple IP addresses for a single VPN user

cisco-asa freeradius radius vpn

Currently, for one of the companies, I am using an ASA 5505 as a VPN server with freeradius (mysql module) as an authentication backend.

User authentication is based on the group password, user password and IP address. My database entries look like this:

+-----+----------+--------------------+----+----------------------------------+
| id  | username | attribute          | op | value                            |
+-----+----------+--------------------+----+----------------------------------+
| 103 | user1    | MD5-Password       | := | 2ed4b197300dfee19315bd8d228c936e |
| 104 | user1    | Calling-Station-Id | == | IP_ADDRESS                       |
+-----+----------+--------------------+----+----------------------------------+

Everything works fine, so user1 can connect to the VPN if he/she has the right passwords (group + single user) and the right IP_ADDRESS. However, I am having difficulty finding a way to whitelist more than one IP address for a single user.

So basically I would like to know how to add multiple IP addresses to a single user. I don't want to add a new username for the same user, just due to an extra IP.

Best Answer

I have zero experience here, but a quick Google search led me to this page: http://wiki.freeradius.org/config/Operators. Instead of using the == for an exact match you might be able to use the regex operator =~? Take a look at the other operators as well. Perhaps there is something else?
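
Added example (not part of the original question or answer): if the `=~` operator is used for the `Calling-Station-Id` check, the pattern has to escape the dots and be anchored, otherwise it admits addresses that were never allowlisted. The sketch below builds such a pattern and the matching parameterised UPDATE; the table name `radcheck`, the helper names and the sample addresses are assumptions, and Python's `re` stands in for the server's regex engine.

```python
import ipaddress
import re

# Constructed sample data (RFC 5737 documentation addresses).
ALLOWED = ["192.0.2.10", "198.51.100.7"]
NAIVE_PATTERN = "192.0.2.10|198.51.100.7"  # unescaped dots, no anchors


def build_allowlist_regex(addresses):
    """Return an anchored regex that matches only the listed IPv4 addresses."""
    if not addresses:
        # "^()$" would match an empty Calling-Station-Id, so refuse to build it.
        raise ValueError("allowlist must contain at least one address")
    escaped = []
    for addr in addresses:
        ip = ipaddress.IPv4Address(addr)    # ValueError on malformed input
        escaped.append(re.escape(str(ip)))  # "." becomes "\."
    return "^(" + "|".join(escaped) + ")$"


def matches(pattern, calling_station_id):
    """Unanchored search, the way a regex operator treats the pattern."""
    return re.search(pattern, calling_station_id) is not None


def radcheck_update(username, addresses):
    """Parameterised UPDATE for the user's Calling-Station-Id check row.

    Assumes the table is named radcheck (the page does not name it).
    """
    sql = ("UPDATE radcheck SET op = %s, value = %s "
           "WHERE username = %s AND attribute = %s")
    params = ("=~", build_allowlist_regex(addresses), username,
              "Calling-Station-Id")
    return sql, params


if __name__ == "__main__":
    strict = build_allowlist_regex(ALLOWED)
    for candidate in ["192.0.2.10", "198.51.100.7", "192.0.2.100"]:
        print(candidate, "naive:", matches(NAIVE_PATTERN, candidate),
              "strict:", matches(strict, candidate))
    print(radcheck_update("user1", ALLOWED))
```

The generated pattern uses only anchors, grouping, alternation and escaped dots, so it does not depend on whether the server was built with POSIX or PCRE regex support.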