freeradius: fallback to default vlan whem proxying to federez

2023-07-02 21:26:02 +02:00 · 2023-07-02 21:26:02 +02:00 · 2f4c6a53d8
commit 2f4c6a53d8
parent ddd8c6dcc0
3 changed files with 15 additions and 13 deletions
--- a/roles/freeradius/templates/mods-available/linelog.j2
+++ b/roles/freeradius/templates/mods-available/linelog.j2
@ -18,7 +18,7 @@ linelog linelog_inner_postauth {
    reference = {{ 'messages.%{%{reply:Packet-Type}:-default}' | enquote }}

    messages {
-        Access-Accept = {{ '${...linelog_inner_prefix} accepted "%{jsonquote:%{User-Name}}" (VLAN %{reply:Tunnel-Private-Group-Id})' | enquote }}
+        Access-Accept = {{ '${...linelog_inner_prefix} accepted "%{jsonquote:%{User-Name}}" (VLAN %{reply:Tunnel-Private-Group-Id:-unknown})' | enquote }}
        Access-Reject = {{ '${...linelog_inner_prefix} rejected "%{jsonquote:%{User-Name}}" (%{%{Module-Failure-Message}:-unknown})' | enquote }}
        default = {{ '${...linelog_inner_prefix} unknown packet type %{Packet-Type}' | enquote }}
    }
@ -47,7 +47,7 @@ linelog linelog_outer_postauth {
    reference = {{ 'messages.%{%{reply:Packet-Type}:-default}' | enquote }}

    messages {
-        Access-Accept = {{ '${...linelog_outer_prefix} accepted "%{jsonquote:%{User-Name}}" (VLAN %{reply:Tunnel-Private-Group-Id})' | enquote }}
+        Access-Accept = {{ '${...linelog_outer_prefix} accepted "%{jsonquote:%{User-Name}}" (VLAN %{reply:Tunnel-Private-Group-Id:-unknown})' | enquote }}
        Access-Reject = {{ '${...linelog_outer_prefix} rejected "%{jsonquote:%{User-Name}}" (%{%{Module-Failure-Message}:-unknown})' | enquote }}
        default = {{ '${...linelog_outer_prefix} unknown packet type %{Packet-Type}' | enquote }}
    }
--- a/roles/freeradius/templates/sites-available/inner-aurore.j2
+++ b/roles/freeradius/templates/sites-available/inner-aurore.j2
@ -38,18 +38,10 @@ server inner-aurore {
    }

    post-auth {
-        update outer.session-state {
-            Tunnel-Type := VLAN
-            Tunnel-Medium-Type := IEEE-802
-        }
        if (&reply:Tunnel-Private-Group-ID) {
            update outer.session-state {
                Tunnel-Private-Group-ID := &reply:Tunnel-Private-Group-ID
            }
-        } else {
-            update outer.session-state {
-                Tunnel-Private-Group-ID := {{ radiusd__guest_vlan | int }}
-            }
        }
        linelog_inner_postauth
        Post-Auth-Type reject {
--- a/roles/freeradius/templates/sites-available/outer-aurore.j2
+++ b/roles/freeradius/templates/sites-available/outer-aurore.j2
@ -55,11 +55,21 @@ server outer-aurore {
                && &request:User-Name \
                && (&reply:User-Name == &request:User-Name)) {
            update reply {
-                &User-Name !* ANY
+                User-Name !* ANY
            }
        }
-        update {
-            reply: += &session-state:
+        update reply {
+            Tunnel-Medium-Type := IEEE-802
+            Tunnel-Type := VLAN
+        }
+        if (&session-state:Tunnel-Private-Group-ID) {
+            update reply {
+                Tunnel-Private-Group-ID := &session-state:Tunnel-Private-Group-ID
+            }
+        } else {
+            update reply {
+                Tunnel-Private-Group-ID := {{ radiusd__guest_vlan | int }}
+            }
        }
        Post-Auth-Type reject {
            attr_filter.access_reject