ippool and radius

sprite9
Posts: 4
Joined: 11 Mar 2015, 15:33

ippool and radius

Post by sprite9 »

Good afternoon.
I could not get the built-in pool in accel-ppp to work until I changed the module load order in the config.

[modules]
ippool
radius

In this form ippool works. But a new question arises: in this form, address assignment by RADIUS does not work.
How can this be solved? If a Framed-IP-Address other than 255.255.255.255 arrives from RADIUS, that address should be assigned; if it does not, or if Framed-Pool is present, an address from the ippool pool should be assigned. I understand that overlaps can occur and that accel is not aware of pool usage on the RADIUS/billing side, but I can sort that out myself by using non-overlapping ranges. So, is it possible to hand out addresses from both the ippool module and the radius module at the same time? Somehow it did not work for me.
Dmitry
Administrator
Posts: 954
Joined: 09 Oct 2014, 10:06

Re: ippool and radius

Post by Dmitry »

It should be

[modules]
radius
ippool

If RADIUS did not return an IP, or returned 255.255.255.254, the address will be taken from the local pool.
sprite9
Posts: 4
Joined: 11 Mar 2015, 15:33

Re: ippool and radius

Post by sprite9 »

Dmitry wrote:
It should be

[modules]
radius
ippool

If RADIUS did not return an IP, or returned 255.255.255.254, the address will be taken from the local pool.

Thanks for the advice, I will try it. By default my billing RADIUS returns 255.255.255.255 if no IP is assigned. And where did you get the information about 255.255.255.254, could you give more detail?
Dmitry
Administrator
Posts: 954
Joined: 09 Oct 2014, 10:06

Re: ippool and radius

Post by Dmitry »

Axiator
Posts: 22
Joined: 22 Feb 2017, 16:06

Re: ippool and radius

Post by Axiator »

Good afternoon.

For some reason accel-ppp does not assign an address from its own pool when it receives 255.255.255.254 from RADIUS. Yet when RADIUS simply does not return an address, the local pool works fine.

Has anyone run into this, and how can it be beaten?

Thanks.

msg: accel-ppp version 7bcac049264393cf06c8be7743d96c66a7ad701c

Here is 255.255.255.254:
[2017-09-29 11:52:17]: info: net0: recv [PAP AuthReq id=1]
[2017-09-29 11:52:17]: info: net0: send [RADIUS(1) Access-Request id=1 <User-Name "d0037351"> <NAS-Identifier "router"> <NAS-IP-Address 127.0.0.1> <NAS-Port-Type Virtual> <Service-Type Framed-User> <Framed-Protocol PPP> <Calling-Station-Id "74:e6:e2:0d:44:c0"> <Called-Station-Id "00:25:22:92:f3:01"> <User-Password>]
[2017-09-29 11:52:17]: info: net0: recv [RADIUS(1) Access-Accept id=1 <Acct-Interim-Interval 300> <Framed-IP-Address 255.255.255.254> <Framed-Protocol PPP>]
[2017-09-29 11:52:17]: info: ppp0: connect: ppp0 <--> pppoe(74:e6:e2:0d:44:c0)
[2017-09-29 11:52:17]: info: ppp0: send [PAP AuthAck id=1 "Authentication succeeded"]
[2017-09-29 11:52:17]: info: ppp0: send [IPCP ConfReq id=1 <addr 10.128.0.1>]
[2017-09-29 11:52:17]: info: ppp0: d0037351: authentication succeeded
[2017-09-29 11:52:17]: info: ppp0: recv [CCP ConfReq id=1 < 15 3 2f >]
[2017-09-29 11:52:17]: info: ppp0: send [CCP ConfReq id=1]
[2017-09-29 11:52:17]: info: ppp0: send [CCP ConfRej id=1 < 15 3 2f >]
[2017-09-29 11:52:17]: info: ppp0: recv [IPCP ConfReq id=1 <addr 0.0.0.0>]
[2017-09-29 11:52:17]: info: ppp0: send [IPCP ConfNak id=1 <addr 255.255.255.254>]
[2017-09-29 11:52:17]: info: ppp0: recv [IPCP ConfAck id=1 <addr 10.128.0.1>]
[2017-09-29 11:52:17]: info: ppp0: recv [CCP ConfAck id=1]
[2017-09-29 11:52:17]: info: ppp0: recv [CCP ConfReq id=2]
[2017-09-29 11:52:17]: info: ppp0: send [CCP ConfAck id=2]
[2017-09-29 11:52:17]: info: ppp0: recv [IPCP ConfReq id=2 <addr 255.255.255.254>]
[2017-09-29 11:52:17]: info: ppp0: send [IPCP ConfAck id=2]
[2017-09-29 11:52:17]: info: ppp0: send [RADIUS(2) Accounting-Request id=1 <User-Name "d0037351"> <NAS-Identifier "router"> <NAS-IP-Address 127.0.0.1> <NAS-Port 0> <NAS-Port-Id "ppp0"> <NAS-Port-Type Virtual> <Service-Type Framed-User> <Framed-Protocol PPP> <Calling-Station-Id "74:e6:e2:0d:44:c0"> <Called-Station-Id "00:25:22:92:f3:01"> <Acct-Status-Type Start> <Acct-Authentic RADIUS> <Acct-Session-Id "38f0fba984d839c2"> <Acct-Session-Time 0> <Acct-Input-Octets 0> <Acct-Output-Octets 0> <Acct-Input-Packets 0> <Acct-Output-Packets 0> <Acct-Input-Gigawords 0> <Acct-Output-Gigawords 0> <Framed-IP-Address 255.255.255.254>]
[2017-09-29 11:52:17]: info: ppp0: recv [IPCP TermReq id=3]
Here is the empty field:
[2017-09-29 10:53:55]: info: net0: recv [PAP AuthReq id=1]
[2017-09-29 10:53:55]: info: net0: send [RADIUS(1) Access-Request id=1 <User-Name "d0037351"> <NAS-Identifier "router"> <NAS-IP-Address 127.0.0.1> <NAS-Port-Type Virtual> <Service-Type Framed-User> <Framed-Protocol PPP> <Calling-Station-Id "74:e6:e2:0d:44:c0"> <Called-Station-Id "00:25:22:92:f3:01"> <User-Password>]
[2017-09-29 10:53:55]: info: net0: recv [RADIUS(1) Access-Accept id=1 <Acct-Interim-Interval 300> <Framed-Protocol PPP>]
[2017-09-29 10:53:55]: info: ppp0: connect: ppp0 <--> pppoe(74:e6:e2:0d:44:c0)
[2017-09-29 10:53:55]: info: ppp0: send [PAP AuthAck id=1 "Authentication succeeded"]
[2017-09-29 10:53:55]: info: ppp0: send [IPCP ConfReq id=1 <addr 10.128.0.1>]
[2017-09-29 10:53:55]: info: ppp0: d0037351: authentication succeeded
[2017-09-29 10:53:55]: info: ppp0: recv [CCP ConfReq id=1 < 15 3 2f >]
[2017-09-29 10:53:55]: info: ppp0: send [CCP ConfReq id=1]
[2017-09-29 10:53:55]: info: ppp0: send [CCP ConfRej id=1 < 15 3 2f >]
[2017-09-29 10:53:55]: info: ppp0: recv [IPCP ConfReq id=1 <addr 0.0.0.0>]
[2017-09-29 10:53:55]: info: ppp0: send [IPCP ConfNak id=1 <addr 10.128.16.0>]
[2017-09-29 10:53:55]: info: ppp0: recv [IPCP ConfAck id=1 <addr 10.128.0.1>]
[2017-09-29 10:53:55]: info: ppp0: recv [CCP ConfAck id=1]
[2017-09-29 10:53:55]: info: ppp0: recv [CCP ConfReq id=2]
[2017-09-29 10:53:55]: info: ppp0: send [CCP ConfAck id=2]
[2017-09-29 10:53:55]: info: ppp0: recv [IPCP ConfReq id=2 <addr 10.128.16.0>]
[2017-09-29 10:53:55]: info: ppp0: send [IPCP ConfAck id=2]
[2017-09-29 10:53:55]: info: ppp0: send [RADIUS(2) Accounting-Request id=1 <User-Name "d0037351"> <NAS-Identifier "router"> <NAS-IP-Address 127.0.0.1> <NAS-Port 0> <NAS-Port-Id "ppp0"> <NAS-Port-Type Virtual> <Service-Type Framed-User> <Framed-Protocol PPP> <Calling-Station-Id "74:e6:e2:0d:44:c0"> <Called-Station-Id "00:25:22:92:f3:01"> <Acct-Status-Type Start> <Acct-Authentic RADIUS> <Acct-Session-Id "38f0fba984d835d3"> <Acct-Session-Time 0> <Acct-Input-Octets 0> <Acct-Output-Octets 0> <Acct-Input-Packets 0> <Acct-Output-Packets 0> <Acct-Input-Gigawords 0> <Acct-Output-Gigawords 0> <Framed-IP-Address 10.128.16.0>]
[2017-09-29 10:53:55]: info: ppp0: recv [RADIUS(2) Accounting-Response id=1]
[2017-09-29 10:53:55]: info: ppp0: pppd_compat: ip-up started (pid 13564)
[2017-09-29 10:53:55]: info: ppp0: pppd_compat: ip-up finished (0)
The modules look like this:
[modules]
path=/usr/local/lib64/accel-ppp/
log_file
#log_syslog
#log_tcp
#log_pgsql

#pptp
#l2tp
pppoe
#ipoe

auth_mschap_v2
auth_mschap_v1
auth_chap_md5
auth_pap

radius
ippool
sigchld
pppd_compat

shaper
#chap-secrets
#net-snmp
#logwtmp
connlimit

#ipv6_nd
#ipv6_dhcp
#ipv6pool
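
An added example, not part of any post in this thread and not accel-ppp code: a log check for the situation in the post above, where a reserved Framed-IP-Address value reaches the peer and the accounting record instead of a pool address. RFC 2865 reserves 255.255.255.254 (NAS selects the address) and 255.255.255.255 (peer selects); the finding names and the shortened sample lines are constructed for the example.

```python
import re
from ipaddress import IPv4Address

# Reserved Framed-IP-Address values (RFC 2865, section 5.8).
NAS_SELECTS = IPv4Address("255.255.255.254")   # NAS should pick the address itself
USER_SELECTS = IPv4Address("255.255.255.255")  # NAS should let the peer pick
RESERVED = {NAS_SELECTS, USER_SELECTS}

# "[timestamp]: level: ifname: send|recv [message]" as in the logs on this page.
LINE = re.compile(r"^\[[^\]]+\]: \w+: (?P<ifname>[^:\s]+): (?P<dir>send|recv) \[(?P<msg>.*)\]$")
FRAMED = re.compile(r"<Framed-IP-Address (\d+\.\d+\.\d+\.\d+)>")
ADDR = re.compile(r"<addr (\d+\.\d+\.\d+\.\d+)>")

def audit(lines):
    """Return (ifname, finding, address) for each reserved value seen in a session."""
    findings = []
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue  # connect/auth/script lines carry no attributes of interest
        ifname, direction, msg = m["ifname"], m["dir"], m["msg"]
        if direction == "recv" and "Access-Accept" in msg:
            finding, found = "reserved-value-from-radius", FRAMED.findall(msg)
        elif direction == "send" and msg.startswith("IPCP ConfNak"):
            finding, found = "reserved-value-offered-to-peer", ADDR.findall(msg)
        elif direction == "send" and "Accounting-Request" in msg:
            finding, found = "reserved-value-in-accounting", FRAMED.findall(msg)
        else:
            continue
        findings += [(ifname, finding, a) for a in found if IPv4Address(a) in RESERVED]
    return findings

# Constructed sample lines, shortened from the log format shown above.
SAMPLE_RESERVED = [
    '[2017-09-29 11:52:17]: info: net0: recv [RADIUS(1) Access-Accept id=1 <Framed-IP-Address 255.255.255.254> <Framed-Protocol PPP>]',
    '[2017-09-29 11:52:17]: info: ppp0: send [IPCP ConfReq id=1 <addr 10.128.0.1>]',
    '[2017-09-29 11:52:17]: info: ppp0: send [IPCP ConfNak id=1 <addr 255.255.255.254>]',
    '[2017-09-29 11:52:17]: info: ppp0: send [RADIUS(2) Accounting-Request id=1 <User-Name "user1"> <Framed-IP-Address 255.255.255.254>]',
]
SAMPLE_POOL = [
    '[2017-09-29 10:53:55]: info: net0: recv [RADIUS(1) Access-Accept id=1 <Framed-Protocol PPP>]',
    '[2017-09-29 10:53:55]: info: ppp0: send [IPCP ConfNak id=1 <addr 10.128.16.0>]',
    '[2017-09-29 10:53:55]: info: ppp0: send [RADIUS(2) Accounting-Request id=1 <User-Name "user1"> <Framed-IP-Address 10.128.16.0>]',
]

if __name__ == "__main__":
    for label, sample in (("reserved", SAMPLE_RESERVED), ("pool", SAMPLE_POOL)):
        print(label, audit(sample))
```
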
dimka88
Posts: 866
Joined: 13 Oct 2014, 05:51

Re: ippool and radius

Post by dimka88 »

Show the complete configuration file.
Axiator
Posts: 22
Joined: 22 Feb 2017, 16:06

Re: ippool and radius

Post by Axiator »

Full config.

[modules]
path=/usr/local/lib64/accel-ppp/
log_file
#log_syslog
#log_tcp
#log_pgsql

#pptp
#l2tp
pppoe
#ipoe

auth_mschap_v2
auth_mschap_v1
auth_chap_md5
auth_pap

radius
ippool
sigchld
pppd_compat

shaper
#chap-secrets
#net-snmp
#logwtmp
connlimit

#ipv6_nd
#ipv6_dhcp
#ipv6pool

[core]
log-error=/var/log/accel-ppp/core.log
thread-count=4

[common]
single-session=replace
#sid-case=upper
#sid-source=seq

[ppp]
verbose=1
min-mtu=1280
mtu=1400
mru=1400
#ccp=0
#check-ip=0
#mppe=require
ipv4=require
ipv6=deny
ipv6-intf-id=0:0:0:1
ipv6-peer-intf-id=0:0:0:2
ipv6-accept-peer-intf-id=1
lcp-echo-interval=20
#lcp-echo-failure=3
lcp-echo-timeout=180
#unit-cache=50
#unit-preallocate=0

[auth]
any-login=0
noauth=0

[pptp]
verbose=1
#echo-interval=30

[pppoe]
verbose=9
#ac-name=xxx
#service-name=yyy
pado-delay=0
#pado-delay=0,100:100,200:200,-1:500
#ifname-in-sid=called-sid
#tr101=1
#padi-limit=0
mac-filter=/etc/accel-ppp/block-by-mac.txt,deny
ip-pool=pppoe
interface=re:^net0,padi-limit=200

[l2tp]
verbose=5
#dictionary=/usr/local/share/accel-ppp/l2tp/dictionary
#hello-interval=60
#timeout=60
#rtimeout=1
#rtimeout-cap=16
#retransmit=5
#recv-window=16
#host-name=accel-ppp
#dir300_quirk=0
#secret=
#dataseq=allow
#reorder-timeout=0
#ip-pool=l2tp

[ipoe]
verbose=9
#username=ifname
#password=username
#renew-time=600
lease-time=600
max-lease-time=900
#unit-cache=1000
#l4-redirect-table=4
#l4-redirect-ipset=l4
#l4-redirect-on-reject=300
shared=1
ifcfg=0
mode=L2
start=dhcpv4
proxy-arp=1
#nat=0
#proto=100
#relay=10.10.10.10
#attr-dhcp-client-ip=DHCP-Client-IP-Address
attr-dhcp-client-ip=Framed-IP-Address
#attr-dhcp-router-ip=DHCP-Router-Address
#attr-dhcp-mask=DHCP-Mask
attr-dhcp-mask=Framed-IP-Netmask
#attr-l4-redirect=L4-Redirect
#local-net=192.168.0.0/16
lua-file=/etc/accel-ppp/accel-ppp.lua
username=lua:username
#offer-delay=0,100:100,200:200,-1:1000
#vlan-mon=eth0,10-200
#vlan-timeout=60
#vlan-name=%I.%N
#ip-pool=ipoe
#interface=eth0
#interface=net0.5
interface=net0
interface=re:^net1
gw-ip-address=10.50.0.1/24
gw-ip-address=192.168.0.1/23
gw-ip-address=192.168.2.1/23

[dns]
dns1=10.128.0.2
dns2=8.8.8.8

[wins]
#wins1=172.16.0.1
#wins2=172.16.1.1

[radius]
#dictionary=/usr/local/share/accel-ppp/radius/dictionary
dictionary=/etc/accel-ppp/radius/dictionary
nas-identifier=router
nas-ip-address=127.0.0.1
gw-ip-address=10.128.0.1
server=127.0.0.1,testing123,auth-port=1812,acct-port=0,req-limit=200,fail-time=0
server=127.0.0.1,testing123,auth-port=0,acct-port=1813,req-limit=200,fail-time=0
dae-server=127.0.0.1:3799,pzda
verbose=9
#timeout=3
#max-try=3
#acct-timeout=120
#acct-delay-time=0
#acct-on=0

[client-ip-range]
192.168.0.0/16

[ip-pool]
gw-ip-address=10.128.0.1
#vendor=Cisco
#attr=Cisco-AVPair
attr=Framed-Pool
10.128.16.0/21,name=pppoe
#192.168.1.1-255,name=pool1
#192.168.2.1-255,name=pool2
#192.168.3.1-255,name=pool3
#192.168.4.0/24

[log]
log-file=/var/log/accel-ppp/accel-ppp.log
log-emerg=/var/log/accel-ppp/emerg.log
log-fail-file=/var/log/accel-ppp/auth-fail.log
#log-debug=/dev/stdout
#syslog=accel-pppd,daemon
#log-tcp=127.0.0.1:3000
copy=1
#color=1
#per-user-dir=per_user
#per-session-dir=per_session
#per-session=1
level=4

[log-pgsql]
conninfo=user=log
log-table=log

[pppd-compat]
##ip-pre-up=/etc/ppp/ip-pre-up
ip-up=/etc/ppp/ip-up
ip-down=/etc/ppp/ip-down
ip-change=/etc/ppp/ip-change
radattr-prefix=/var/run/radattr
verbose=1

[chap-secrets]
gw-ip-address=10.128.0.1
chap-secrets=/etc/accel-ppp/chap-secrets
#encrypted=0
#username-hash=md5

[shaper]
attr=Filter-Id
#down-burst-factor=0.1
#up-burst-factor=1.0
#latency=50
#mpu=0
#mtu=0
#r2q=10
#quantum=1500
#cburst=1534
#ifb=ifb0
up-limiter=police
down-limiter=tbf
#leaf-qdisc=sfq perturb 10
#rate-multiplier=1
verbose=1

[cli]
telnet=127.0.0.1:2000
tcp=127.0.0.1:2001
#password=123

[snmp]
master=0
agent-name=accel-ppp

[connlimit]
limit=10/min
burst=3
timeout=60

[ipv6-pool]
fc00:0:1::/48,64
delegate=fc00:1::/36,48

[ipv6-dns]
#fc00:1::1
#fc00:1::2
#fc00:1::3
#dnssl=suffix1.local.net
#dnssl=suffix2.local.net.

[ipv6-dhcp]
verbose=1
pref-lifetime=604800
valid-lifetime=2592000
route-via-gw=1