OpenWrt Forum Archive

Topic: Logging user session including IP address and time

The content of this topic has been archived on 30 Mar 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

It seems that I can configure a RADIUS accounting server in OpenWrt; however, I have not found any additional information on how to use it (URL: wiki.openwrt.org/doc/uci/wireless#wpaenterpriseaccesspoint).

I want to use WPA2 EAP to authenticate users.

Is there a way to control the IP address which is provided to a user via RADIUS in OpenWrt? I would like to always assign the same IP address to a user, and I would like to be able to log the session time and IP address for each user.

RADIUS supports the "Framed-IP-Address", but can I use it with OpenWrt?

Is there any other solution to log user sessions, including IP address and time of the session?

I have already contemplated using a different VLAN for every user; however, my box only supports 15 VLANs, and I need to handle around 40 users in a network with 8 APs.

Any proposal is very much appreciated.

RADIUS does not provide an IP address. However, it can control the allowed quotas (traffic, connection time etc.) for a specific IP.
Your requirements might be best satisfied using a "Captive Portal". coova-chilli is best, but also the most complicated to set up.

Thanks a lot for your reply.

Well, actually you can use the "Framed-IP-Address" option either to inform RADIUS about the IP address used by a border device or to receive an IP address which you can assign to the client.

See e.g. www.juniper.net/documentation/en_US/junos/topics/concept/subscriber-management-dual-stack-ipv4-address-negotiation-framed.html

This one is an example of how a FreeRADIUS server can be configured with a "Framed-IP-Address". Have a look at "Add Test User" in wiki.opnsense.org/manual/how-tos/accounting.html

Sorry, it seems I cannot post complete links here; I hope you can find it anyway.

I know the captive portal, however, it is an ongoing source for problems because it does not reliably open on all devices. That's why I am investigating EAP to move away from the captive portal. Actually, you have some more benefits from using WPA EAP.

Diameter wrote:

it is an ongoing source for problems because it does not reliably open on all devices.

As I did a lot of customized solutions (e.g. hotspots) containing coova-chilli, I would be very interested in an example for ".... it does not reliably open on all devices".
