From owner-freebsd-isp Fri Oct 29 5:12:22 1999
Delivered-To: freebsd-isp@freebsd.org
Received: from ktpk.dp.ua (ktpk.dp.ua [195.24.130.245])
    by hub.freebsd.org (Postfix) with ESMTP id E74EE14CE5;
    Fri, 29 Oct 1999 05:10:37 -0700 (PDT)
    (envelope-from os@ktpk.dp.ua)
Received: from admin (admin.dnepr.com [192.168.0.4])
    by ktpk.dp.ua (8.8.8/8.8.8) with SMTP id PAA03872;
    Fri, 29 Oct 1999 15:10:32 +0300 (EEST)
    (envelope-from os@ktpk.dp.ua)
Message-ID: <000701bf220e$fccdde60$0400a8c0@admin.dnepr.com>
From: "Oleg Semyonov"
To:
Cc:
Subject: pppd-2.3.10 + RADIUS
Date: Fri, 29 Oct 1999 15:10:34 +0200
MIME-Version: 1.0
Content-Type: text/plain; charset="koi8-r"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 4.72.3110.5
X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hi peter@freebsd.org!

As I can see, you're the maintainer of the pppd port for FreeBSD.

For a long time pppd has existed in FreeBSD as a patched 2.3.5 version, which has some bugs (e.g. "*" only in the allowed address list with no DNS available leads to long delays for gethostbyname("*"), which prevents the login by timeout hangup, and so on).

Just now I've almost done my work with the pppd-2.3.10 sources. The patches for FreeBSD are based on pppd in the current FreeBSD distribution, with minor changes for new pppd features (optional option list in the secrets file and so on).

Furthermore, I've implemented RADIUS support for authentication and accounting.

The support is based on the standard FreeBSD radius library by John Polstra. It may be compiled in on request (USE_RADIUS=y in Makefile) with an optional base config path (/etc/ppp or /etc/ppp-radius and so on), and it includes support for:

- new RADIUS-oriented pppd options:
    - radius (use RADIUS)
    - radius-conf /path/file (conf file for radius library)
    - radius-only (don't try to auth with secrets or login methods if radius returns Access-Reject)
    - radius-noacct (don't send accounting requests)
    - radius-port (device name to port number translation)

- support for PAP authentication (no CHAP or CALLBACK, sorry);

- new script environment variables (CALLED_STATION_ID, CALLING_STATION_ID, CONNECT_INFO, SENT_PACKETS, RCVD_PACKETS, and received from RADIUS server);

- supported RADIUS attributes are:

    - in Access-Request:
        User-Name
        User-Password
        NAS-IP-Address (gethostname())
        NAS-Identifier (gethostbyname())
        NAS-Port (from device to port translation)
        NAS-Port-Type (Async only)
        Service-Type (Framed)
        Framed-Protocol (PPP)
        Framed-IP-Address
        Framed-Compression (VJ-TCPIP only, no IPX supported)
        Called-Station-Id (from pppd's environment)
        Calling-Station-Id (from pppd's environment, passed by mgetty, e.g.)
        Connect-Info (from pppd's environment, passed by mgetty, e.g.)
        PPPD-Script-Env (pppd script env vars, vendor-specific attribute)

    - in Access-Accept/Reject also recognised (along with those mentioned above):
        Framed-IP-Netmask
        Framed-Routing (not used yet)
        Filter-Id (not used yet)
        Framed-MTU
        Reply-Message (first message is used only)
        Framed-Route (not used yet)
        Class (passed through in accounting requests)
        Session-Timeout
        Idle-Timeout
        PPPD-Option (additional pppd options, vendor-specific attribute)
        PPPD-Script-Env (additional script env vars, vendor-specific attribute)

    - in Accounting-Request START packet also passed (along with those mentioned above):
        Acct-Status-Type (Start, Stop)
        Acct-Session-Id
        Acct-Authentic (RADIUS only)

    - in Accounting-Request STOP packet also passed (along with those mentioned above):
        Acct-Input-Octets
        Acct-Output-Octets
        Acct-Input-Packets
        Acct-Output-Packets
        Acct-Session-Time
        Acct-Terminate-Cause (not so good but something useful)

Most of the attributes are passed in accounting requests (all script env vars and additional pppd options for local IP address or so).

RADIUS support isn't done as a loadable plugin. The first reason is that pppd must work (for me) on a 2.2.8 system, which does not support some required features (the -E switch for ld, for example). Second, some required hooks and global variables needed to implement all the features I need are not there.

The code has been lightly tested with Steel-Belted RADIUS for WinNT and with Cistron radiusd-1.6.1 and seems to work fine for me.

Is it possible to test and include the code into the FreeBSD distribution or port collection? It seems that a lot of people want to install the newest pppd version, but some small incompatibilities in the original pppd code may prevent it for less qualified users.

Any opinions?

---
Oleg Semyonov, the Head of IT Department of KTPK "Dnepr", Energodar, UA
Internet mail: os@altavista.net, finger/talk: os@ktpk.dp.ua, ICQ:31256452

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message
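
An added illustration, not code from the patch described in the message and not using the FreeBSD radius library: how a PAP login becomes an Access-Request carrying several of the attributes listed above, including the RFC 2865 User-Password hiding, which rests entirely on the NAS/server shared secret. All function names and parameters here are assumptions made for this example.

```python
import hashlib
import os
import socket
import struct

# RFC 2865 type numbers for some Access-Request attributes named in the message
USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS, NAS_PORT = 1, 2, 4, 5
SERVICE_TYPE, FRAMED_PROTOCOL, CALLING_STATION_ID, NAS_PORT_TYPE = 6, 7, 31, 61
FRAMED, PPP, ASYNC = 2, 1, 0  # Service-Type, Framed-Protocol, NAS-Port-Type values

def keystream_xor(data, secret, authenticator, chain_on_output):
    """RFC 2865 5.2: XOR 16-byte blocks with MD5(secret + previous ciphertext block)."""
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        result = bytes(a ^ b for a, b in zip(block, hashlib.md5(secret + prev).digest()))
        prev = result if chain_on_output else block  # chaining always uses ciphertext
        out += result
    return out

def hide_password(password, secret, authenticator):
    if not 1 <= len(password) <= 128:
        raise ValueError("User-Password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)  # NUL-pad to 16-byte blocks
    return keystream_xor(padded, secret, authenticator, True)

def reveal_password(hidden, secret, authenticator):
    # What the RADIUS server does with the same shared secret
    return keystream_xor(hidden, secret, authenticator, False).rstrip(b"\x00")

def attr(code, value):
    if len(value) > 253:
        raise ValueError("attribute value too long")
    return struct.pack("!BB", code, len(value) + 2) + value

def access_request(ident, user, password, secret, nas_ip, port, caller, authenticator=None):
    ra = authenticator or os.urandom(16)  # Request Authenticator, random per request
    attrs = b"".join([
        attr(USER_NAME, user),
        attr(USER_PASSWORD, hide_password(password, secret, ra)),
        attr(NAS_IP_ADDRESS, socket.inet_aton(nas_ip)),
        attr(NAS_PORT, struct.pack("!I", port)),
        attr(NAS_PORT_TYPE, struct.pack("!I", ASYNC)),
        attr(SERVICE_TYPE, struct.pack("!I", FRAMED)),
        attr(FRAMED_PROTOCOL, struct.pack("!I", PPP)),
        attr(CALLING_STATION_ID, caller),
    ])
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + ra + attrs  # code 1 = Access-Request
```

Because the password is recoverable by anyone holding the shared secret and a captured request, the secret configured for the radius library deserves the same protection as the user passwords themselves.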