[eduVPN-deploy] Fixed IP - ccd

Thu Jul 28 14:09:13 CEST 2022

Thank you François,

this will do exactly what we need!!

Let me know when/how we can test this.

Thanks and regards,

Frank

On 28.07.22 08:25, François Kooman wrote:

ⓘ This message was sent from external user !
Please do not click links or open attachments unless you recognise the source of this email and know the content is safe.

________________________________

Hi Frank,

In the end it was not _that_ complicated to make this work. Wrote an API
callback class that logs the IP addresses on connect and disconnect. So,
if we allow this callback to call a HTTP service or run a (shell)script
we should be good :)

Jul 28 06:22:54 vpn-next.tuxed.net vpn-user-portal[730]: C fkooman
[10.89.165.2,fcda:8264:a469:e3c::2]
Jul 28 06:22:59 vpn-next.tuxed.net vpn-user-portal[731]: D fkooman
[10.89.165.2,fcda:8264:a469:e3c::2]

Regards,
François

On 27.07.22 11:24, François Kooman via eduVPN-deploy wrote:
On 26.07.22 18:40, Frank Weis wrote:
Hi,

Hi Frank,

it would be preferable to have the IP on disconnect too. Otherwise, if a
user connects with several devices, I'd have to drop all the IPs
associated with the user from the tables. On disconnects, having just
the IP(s) (not the userID) would probably be fine, but I'm sure that
doesn't help at all.

I'll have a look at it, this is at least a bit of a challenge to do that
cleanly in the server ;-)

I could work around this by setting maxActiveConfigurations to 1, I guess.

Sure.

The firewall has states, so I will need to remove IPs from tables AND
kill states on disconnects.

I meant state as in that it for example has an "ID" for a firewall
modification "event" that you can use later in the next request
(/disconnect) to "undo" the change.

Regards,
François

_______________________________________________
eduVPN-deploy mailing list
eduVPN-deploy at list.surfnet.nl<mailto:eduVPN-deploy at list.surfnet.nl>
https://list.surfnet.nl/mailman/listinfo/eduvpn-deploy

--

Frank Weis
Conseiller informaticien

LE GOUVERNEMENT DU GRAND-DUCHÉ DE LUXEMBOURG
Ministère de l’Éducation nationale, de l’Enfance et de la Jeunesse
Centre de gestion informatique de l’éducation

eduPôle - Walferdange
Route de Diekirch, L-7220 Walferdange
Adresse postale : B.P. 98, L-7201 Bereldange

Tél. Helpdesk: (+352) 247-85999 . Tél. Secrétariat: (+352) 247-85970 .Fax : (+352) 247-85174
E-mail : Frank.Weis at cgie.lu<mailto:Frank.Weis at cgie.lu>
www.cgie.lu<http://www.cgie.lu/>
www.men.lu<http://www.men.lu/>
www.gouvernement.lu<http://www.gouvernement.lu>
[cid:part1.j6q0B2er.Ve4YbE2E at cgie.lu]
Ce message et toutes pièces jointes sont établis à l'intention exclusive de ses destinataires. Ils peuvent contenir des informations confidentielles. Si vous recevez ce message par erreur, merci de le détruire et d'en avertir immédiatement l'expéditeur. Toute utilisation de ce message non conforme à sa destination, toute diffusion ou toute publication, totale ou partielle, est interdite, sauf autorisation expresse. Ce message a fait l'objet d'un traitement anti-virus.

Le contenu de ce message et des pièces jointes ne pourrait engager la responsabilité du ministère que s'il a été émis par une personne dûment habilitée agissant dans le strict cadre des fonctions auxquelles elle est employée et à des fins non étrangères à ses attributions.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://list.surfnet.nl/pipermail/eduvpn-deploy/attachments/20220728/2bde44c2/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 9pnE7dQqWFbBtVE0.png
Type: image/png
Size: 48587 bytes
Desc: 9pnE7dQqWFbBtVE0.png
URL: <https://list.surfnet.nl/pipermail/eduvpn-deploy/attachments/20220728/2bde44c2/attachment-0001.png>