|
From: | Ed Stout |
Subject: | Re: [Radiusplugin-users] Stale Users / Checking |
Date: | Sun, 9 Jan 2011 19:46:43 +0000 (GMT) |
I came across this same problem a while ago. There is no definitive way for OpenVPN and Freeradius to sync together in a way to get rid of stale sessions. This has to be handled solely on Freeradius.
To be able to properly identify stale sessions, I implemented a ‘modified’ column in the radacct MySQL table. This field gets updated with the MySQL function NOW() when accounting_start_query and accounting_update_query are called (in dialup.conf). I have a PHP script that runs the following query:
UPDATE radacct SET acctstoptime = NOW() WHERE acctstoptime IS NULL AND modified < (NOW() - INTERVAL '3' MINUTE)
This checks to see if any sessions that the radiusplugin or radius server thinks is active (acctstoptime IS NULL), and hasn’t been updated in the last 3 minutes (I have Acct-Interim-Interval = 60 set), then consider it a stale session and end it.
Another way could be to set the new column ‘modified’ to be ‘on update CURRENT_TIMESTAMP’ – thus, requiring no modifications to dialup.conf.
Regards,
Stuart.
Hi Stuart, Thanks for the reply, this seems like a nice solution - although when i get some time i think ill put together a perl script to check the OpenVPN status via telnet, will post anything back here.
Thanks again,
Ed
[Prev in Thread] | Current Thread | [Next in Thread] |