Date: Sat, 11 Aug 2001 10:55:24 +0100 From: Brian Somers <brian@Awfulhak.org> To: francisv@dagupan.com Cc: brian@Awfulhak.org, isp@freebsd.org, brian@freebsd-services.com Subject: Re: PPPoE server setup + RADIUS Message-ID: <200108110955.f7B9tOr31726@hak.lan.Awfulhak.org> In-Reply-To: Message from francisv@dagupan.com of "Sat, 11 Aug 2001 09:34:17 %2B0800." <10F29E27A956D511B0940050DA8D86A908F758@chat.dagupan.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> > > Hi all,
> > >
> > > We're currently experimenting with PPPoE on a FreeBSD 4.3-STABLE system
> > with
> > > a Windows 98 client using RASPPPOE. I've found some instructions on the
> > web
> > > on how to setup the PPPoE server and so far I've managed to make it run.
> > >
> > > We are using the RADIUS server of our upstream ISP for authenticating
> > > clients. Here's a copy of my /etc/ppp/ppp.conf:
> > >
> > > pppoe-in:
> > > allow users
> > > enable pap
> > > allow mode direct
> > > set mru 1460
> > > set mtu 1460
> > > set speed sync
> > > enable lqr
> > > accept dns
> > > set ifaddr 202.91.163.1 202.91.163.20-202.91.163.50
> > > set dns 202.91.161.130 202.47.132.1
> > > load server
> > > set radius /etc/ppp/radius.conf
> > > set log phase ipcp lcp debug
> > >
> > > Their RADIUS server sends a reply for Framed-IP-Address: 255.255.255.254
> > and
> > > Framed-IP-Netmask: 255.255.255.0
> > >
> > > But upon inspection of the client, it shows that it got the
> > 255.255.255.254
> > > address instead of the IP address pool as defined in ppp.conf. What else
> > > could be wrong here? Where should I look? Thanks!
> >
> > ppp will choose the RAD_FRAMED_IP_ADDRESS returned from the radius
> > server above any IP number mentioned in ppp.conf or ppp.secret.
> >
> > 255.255.255.254 is a mighty odd IP number - but I'm sure you already
> > know that :*) I wonder why your ISP's radius server is sending this ?
>
> Isn't it in RFC 2138?
>
> Framed-IP-Address
>
> Address
>
> The Address field is four octets. The value 0xFFFFFFFF indicates
> that the NAS should allow the user to select an address (e.g.
> Negotiated). The value 0xFFFFFFFE indicates that the NAS should
> select an address for the user (e.g. Assigned from a pool of
> addresses kept by the NAS). Other valid values indicate that the
> NAS should use that value as the user's IP address.
Ah, ok, does the attached patch help ?
> What do you normally put there? As a standard practice, I mean.
Nothing at all (so that the radius server doesn't return a framed ip
address), but I don't generally use radius....
--
Brian <brian@freebsd-services.com> <brian@Awfulhak.org>
http://www.freebsd-services.com/ <brian@[uk.]FreeBSD.org>
Don't _EVER_ lose your sense of humour ! <brian@[uk.]OpenBSD.org>
Index: radius.c
===================================================================
RCS file: /home/ncvs/src/usr.sbin/ppp/radius.c,v
retrieving revision 1.22
diff -u -r1.22 radius.c
--- radius.c 2001/04/01 22:39:17 1.22
+++ radius.c 2001/08/11 09:53:30
@@ -158,6 +158,8 @@
switch (got) {
case RAD_FRAMED_IP_ADDRESS:
r->ip = rad_cvt_addr(data);
+ if (ntohl(r->ip.s_addr) == 0xfffffffe)
+ r->ip.s_addr = INADDR_NONE;
log_Printf(LogPHASE, " IP %s\n", inet_ntoa(r->ip));
break;
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200108110955.f7B9tOr31726>