pppoe+radius server
fooler
fooler at skyinet.net
Fri Jul 8 04:49:46 GMT 2005
----- Original Message -----
From: "Hernán Freschi" <drgenio at gmail.com>
Cc: <freebsd-net at freebsd.org>
Sent: Friday, July 08, 2005 5:55 AM
Subject: Re: pppoe+radius server
>great great, only one problem. I make the radius server send the
>Filter-Id attr, with value "64:32" for 64 down/32 up. It seems to get
>to ppp: /etc/ppp/ppp.log:
>
>Phase: Filter "64:32"
>
>Notice it says "filter", not filter-id
>
>so my /etc/ppp/ppp.linkup looks like this:
>
>default:
> bg /etc/ppp/addclient.sh USER INTERFACE HISADDR RAD_FILTER_ID
>
>and addclient.sh just:
>
> echo $1 $2 $3 $4 >> /test.log
>
>and /test.log looks like
>
>username tun0 10.20.20.20 RAD_FILTER_ID
>
>seems like ppp doesn't replace RAD_FILTER_ID with the Filter-Id
>attribute from the server. It should do that, right? Or did I get
>something wrong?

RAD_FILTER_ID according to ppp's man page:

    RAD_FILTER_ID
        If this attribute is supplied, ppp will attempt to use it
        as an additional label to load from the ppp.linkup and
        ppp.linkdown files. The load will be attempted before
        (and in addition to) the normal label search. If the
        label doesn't exist, no action is taken and ppp proceeds
        to the normal load using the current label.

the text content of Filter-ID radius attribute coming from your radius
server serves as label for ppp.linkup and ppp.linkdown files...

for example... sending Filter-ID = "abc" from radius server

inside /etc/ppp/ppp.linkup:

abc:
 ! sh -c "echo abc label called >> /test.log"
xyz:
 ! sh -c "echo xyz label called >> /test.log"

you are using label "64:32" which is ambiguous because a label in ppp is a
string that starts from the first column of a line followed by a colon...

you can replace your "64:32" with "d64u32" or whatever you like as long as it
is a valid label...

your ppp.linkup and ppp.linkdown files will look like this:

/etc/ppp/ppp.linkup

d64u32:
 !bg /etc/ppp/addpipe.sh INTERFACE 64 32

/etc/ppp/ppp.linkdown

MYADDR:
 !bg /etc/ppp/delpipe.sh INTERFACE

/etc/ppp/addpipe.sh

 extract tunnel number and assign to NTUN variable
 NTUN = NTUN * 2 (+ BASE to allow room for other firewall rules)
 IN = NTUN
 OUT = NTUN + 1
 assign IN for incoming pipe number
 assign OUT for outgoing pipe number

/etc/ppp/delpipe.sh

 extract tunnel number and assign to NTUN variable
 NTUN = NTUN * 2 (+ BASE to allow room for other firewall rules)
 IN = NTUN
 OUT = NTUN + 1
 assign IN to delete previous incoming pipe number
 assign OUT to delete previous outgoing pipe number

fooler.
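
The addpipe.sh / delpipe.sh outline above, written out as POSIX sh functions. This is an added example, not part of the message and not the poster's scripts. Assumptions: ipfw with dummynet does the shaping, rates are in Kbit/s, BASE is 1000, and the first rate (down) limits packets leaving via tunN. Commands are printed unless IPFW points at the real binary, and arguments are checked strictly because ppp runs these scripts as root.

```shell
#!/bin/sh
# Added example: addpipe.sh / delpipe.sh logic from the outline, as functions.
BASE=${BASE:-1000}       # assumed offset, leaves room for other firewall rules
IPFW=${IPFW:-echo ipfw}  # prints commands; set IPFW=/sbin/ipfw to apply them

# tun_number IFACE: print N for "tunN" (0-999, no leading zeros), else fail.
tun_number() {
    case "$1" in
        tun0|tun[1-9]|tun[1-9][0-9]|tun[1-9][0-9][0-9]) echo "${1#tun}" ;;
        *) return 1 ;;
    esac
}

# pipe_numbers IFACE: print "IN OUT", IN = NTUN * 2 + BASE, OUT = IN + 1.
pipe_numbers() {
    ntun=$(tun_number "$1") || return 1
    first=$(( ntun * 2 + BASE ))
    echo "$first $(( first + 1 ))"
}

# is_rate VALUE: succeed only for a positive integer (Kbit/s is assumed).
is_rate() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
}

# addpipe IFACE DOWN UP: one dummynet pipe per direction on the tunnel.
addpipe() {
    nums=$(pipe_numbers "$1") && is_rate "$2" && is_rate "$3" || return 1
    set -- "$1" "$2" "$3" $nums          # $4 = IN pipe, $5 = OUT pipe
    # Assumption: UP limits packets arriving on tunN, DOWN those leaving it.
    $IPFW pipe "$4" config bw "${3}Kbit/s"
    $IPFW add "$4" pipe "$4" ip from any to any in via "$1"
    $IPFW pipe "$5" config bw "${2}Kbit/s"
    $IPFW add "$5" pipe "$5" ip from any to any out via "$1"
}

# delpipe IFACE: remove the rules and pipes that addpipe created.
delpipe() {
    nums=$(pipe_numbers "$1") || return 1
    for n in $nums; do
        $IPFW delete "$n"
        $IPFW pipe delete "$n"
    done
}
```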