Dear, after some modifications to our radius system, we have managed to make the band control work normally.
However the radius server is not able via COA to automatically disconnect the pppoe sessions. Anyone getting this function normally with vyos pppoe-server? Or is it still developing?
Hello, I test it, CoA works. I have next config.
set service pppoe-server authentication radius-settings dae-server ip-address '192.168.0.38'
set service pppoe-server authentication radius-settings dae-server port '3799'
set service pppoe-server authentication radius-settings dae-server secret 'testing123'
And from radius server send:
echo "User-Name=test" | radclient -x 192.168.0.38:3799 disconnect testing123
Also you may use another attributes for identify client for disconnect
I made the settings as instructed, but the session did not disconnect. Can anyone tell me what command in vyos to check if POD message is arriving on vyos server?
DM/PoD writes on log, check it:
vyos@vyos-rtr:~$ show log tail 1000 | match Disconnect*
Jun 1 10:25:35 localhost accel-pppoe: ppp0:test: recv [RADIUS Disconnect-Request id=b0 <User-Name "test">]
Jun 1 10:25:35 localhost accel-pppoe: ppp0:test: send [RADIUS Disconnect-ACK id=b0]
If these messages does not exist, at first I propose check listening port 3799 on VyOS, run:
vyos@vyos-rtr# sudo netstat -lan | grep 3799
If port listens, you can see next:
udp 0 0 192.168.0.38:3799 0.0.0.0:*
At second, check open port from machine with radius server:
root@radius-server:~# nmap -p 3799 -sU 192.168.0.38
If port open, move on. Send DM/PoD manually for check from radius server, replace your User-Name, VyOS ip address and secret key:
root@radius-server:~# echo "User-Name=test" | radclient -x 192.168.0.38:3799 disconnect testing123
Sent Disconnect-Request Id 171 from 0.0.0.0:59508 to 192.168.0.38:3799 length 26
User-Name = "test"
Received Disconnect-ACK Id 171 from 192.168.0.38:3799 to 0.0.0.0:0 length 20
If radclient received Disconnect-ACK, session is terminated.
Dear, we were able to make the disconnection from the radius work.
However we are faced with another situation and would like to know if it is still limiting this version of vyos.
when using the local pool, we would like some specific connections to which we assigned fixed ip in the radius, received the radius ips, but continued from the local pool.
If we let all connections receive direct radius pool, at some point two or more connections will receive the same ip.
I would like to know if there is something to be configured in vyos so that if I leave the pool of ip originated from radius, somehow vyos periodically report to the radius the ips in use so there is no duplicate ips ?.
If I use the local pool, is there any way for some specific connections to receive ip from the radius server?
Hello, of course. You may send attribute Framed-IP-Address from RADIUS server, and pppoe daemon allocate it for client, because RADIUS attributes has more priority. Best practice is storing active clients connections in database, and pppoe daemon always will send alive packet. For activate this features you can send from RADIUS attribute Acct-Interim-Interval which will contain value in seconds. Then pppoe daemon always will sent packet if session with allocated ip is alive.
This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.