
Radius accounting problems

Posted: 24 Mar 2021, 22:42
by tj-19
Users are able to connect to L2TP/Accel-ppp and Radius provides the IP address etc.

However, Radius accounting fails and the session is then terminated after 3 tries.

With the following cause code:- <Acct-Terminate-Cause NAS-Error>]

In the Accel-PPP logs I see the following (IP addresses changed for security):

[2021-03-24 22:16:46]: info: l2tp0: send [RADIUS(1) Accounting-Request id=1 <User-Name "test@test.com"> <NAS-Identifier "test"> <NAS-IP-Address 10.10.10.100> <NAS-Port 0> <NAS-Port-Id "l2tp0"> <NAS-Port-Type Virtual> <Service-Type Framed-User> <Framed-Protocol PPP> <Calling-Station-Id "192.168.10.193"> <Called-Station-Id "10.10.10.100"> <Acct-Status-Type Start> <Acct-Authentic RADIUS> <Acct-Session-Id "4262ded4dfdeb331"> <Acct-Session-Time 0> <Acct-Input-Octets 0> <Acct-Output-Octets 0> <Acct-Input-Packets 0> <Acct-Output-Packets 0> <Acct-Input-Gigawords 0> <Acct-Output-Gigawords 0> <Framed-IP-Address 192.168.11.50>]
[2021-03-24 22:16:49]: warn: l2tp0: radius: server(1) not responding
[2021-03-24 22:16:49]: warn: l2tp0: radius: no available servers

In the accel-ppp config I have acct-on=0 set to stop radius accounting.

But Accel-ppp still appears to be sending accounting requests.

In daloRADIUS I can see the accounting requests logging ok.

So daloRADIUS appears to be fine.

Any ideas where to look and how to further diagnose this issue?

Re: Radius accounting problems

Posted: 26 Mar 2021, 09:49
by dimka88
Hello @tj-19, you need to disable accounting; specifically, set acct-port to zero, e.g.


[radius]
server=x.x.x.x,SomeSecret,auth-port=1812,acct-port=0

Note, the acct-on param does a different thing:
"acct-on=" 0|1
Specifies whether radius client should send Account-Request with Acct-Status-Type=Accounting-On on startup and Acct-Status-Type=Accounting-Off on shutdown.

Re: Radius accounting problems

Posted: 07 Apr 2021, 20:25
by tj-19
Hi Dima,

Thanks for the useful input.

I’m now able to connect, when setting the accounting port to 0.

I wonder if you can tell me how to find out why Radius accounting is not working?

When the port is set to 1813, it records the session info in Daloradius before disconnecting. Perhaps Accel-ppp is not receiving its expected reply?

Also there seems to be a delay of at least 3 seconds per session on connecting compared to L2TPNS, which is instant.

Can you tell me why ACCEL-PPP takes longer to log in? Is it waiting for something when each session connects? Can you tell me how to debug the login process?

Lastly, if you connect using an L2TP client and then disconnect you cannot reconnect for just under a minute.

In the log, you can see the session is terminated when the session is disconnected by the client but an acknowledgment is requested 5 times before the physical tunnel is dropped in ACCEL-PPP.

If the session is dropped there will never be a reply. Surely the logic is wrong and this mechanism should only be used to detect dead peers? Why doesn’t the session disconnect drop the physical tunnel straightaway?

Here is a copy of the log file:-

[2021-04-07 20:07:56]: info: l2tp session 42221-9, 2169-1: session destroyed
[2021-04-07 20:07:57]: info: l2tp tunnel 42221-9 (XXX.XXX.XXX.XXX:5636): retransmission #1
[2021-04-07 20:07:57]: info: l2tp tunnel 42221-9 (XXX.XXX.XXX.XXX:5636): retransmit (timeout) [L2TP tid=9 sid=0 Ns=2 Nr=5 <Message-Type Stop-Ctrl-Conn-Notify> <Assigned-Tunnel-ID -23315> <Result-Code>]
[2021-04-07 20:07:57]: info: l2tp tunnel 42221-9 (XXX.XXX.XXX.XXX:5636): send [L2TP tid=9 sid=0 Ns=2 Nr=6 <Message-Type Stop-Ctrl-Conn-Notify> <Assigned-Tunnel-ID -23315> <Result-Code>]
[2021-04-07 20:07:59]: info: l2tp tunnel 42221-9 (XXX.XXX.XXX.XXX:5636): retransmission #2
[2021-04-07 20:07:59]: info: l2tp tunnel 42221-9 (XXX.XXX.XXX.XXX:5636): retransmit (timeout) [L2TP tid=9 sid=0 Ns=2 Nr=6 <Message-Type Stop-Ctrl-Conn-Notify> <Assigned-Tunnel-ID -23315> <Result-Code>]
[2021-04-07 20:07:59]: info: l2tp tunnel 42221-9 (XXX.XXX.XXX.XXX:5636): send [L2TP tid=9 sid=0 Ns=2 Nr=6 <Message-Type Stop-Ctrl-Conn-Notify> <Assigned-Tunnel-ID -23315> <Result-Code>]
[2021-04-07 20:08:03]: info: l2tp tunnel 42221-9 (XXX.XXX.XXX.XXX:5636): retransmission #3
[2021-04-07 20:08:03]: info: l2tp tunnel 42221-9 (XXX.XXX.XXX.XXX:5636): retransmit (timeout) [L2TP tid=9 sid=0 Ns=2 Nr=6 <Message-Type Stop-Ctrl-Conn-Notify> <Assigned-Tunnel-ID -23315> <Result-Code>]
[2021-04-07 20:08:03]: info: l2tp tunnel 42221-9 (XXX.XXX.XXX.XXX:5636): send [L2TP tid=9 sid=0 Ns=2 Nr=6 <Message-Type Stop-Ctrl-Conn-Notify> <Assigned-Tunnel-ID -23315> <Result-Code>]
[2021-04-07 20:08:11]: info: l2tp tunnel 42221-9 (XXX.XXX.XXX.XXX:5636): retransmission #4
[2021-04-07 20:08:11]: info: l2tp tunnel 42221-9 (XXX.XXX.XXX.XXX:5636): retransmit (timeout) [L2TP tid=9 sid=0 Ns=2 Nr=6 <Message-Type Stop-Ctrl-Conn-Notify> <Assigned-Tunnel-ID -23315> <Result-Code>]
[2021-04-07 20:08:11]: info: l2tp tunnel 42221-9 (XXX.XXX.XXX.XXX:5636): send [L2TP tid=9 sid=0 Ns=2 Nr=6 <Message-Type Stop-Ctrl-Conn-Notify> <Assigned-Tunnel-ID -23315> <Result-Code>]
[2021-04-07 20:08:27]: info: l2tp tunnel 42221-9 (XXX.XXX.XXX.XXX:5636): retransmission #5
[2021-04-07 20:08:27]: info: l2tp tunnel 42221-9 (XXX.XXX.XXX.XXX:5636): retransmit (timeout) [L2TP tid=9 sid=0 Ns=2 Nr=6 <Message-Type Stop-Ctrl-Conn-Notify> <Assigned-Tunnel-ID -23315> <Result-Code>]
[2021-04-07 20:08:27]: info: l2tp tunnel 42221-9 (XXX.XXX.XXX.XXX:5636): send [L2TP tid=9 sid=0 Ns=2 Nr=6 <Message-Type Stop-Ctrl-Conn-Notify> <Assigned-Tunnel-ID -23315> <Result-Code>]
[2021-04-07 20:08:43]: warn: l2tp tunnel 42221-9 (XXX.XXX.XXX.XXX:5636): no acknowledgement from peer after 5 retransmissions, deleting tunnel
[2021-04-07 20:08:43]: info: l2tp tunnel 42221-9 (XXX.XXX.XXX.XXX:5636): deleting tunnel
[2021-04-07 20:08:43]: info: l2tp tunnel 42221-9 (XXX.XXX.XXX.XXX:5636): tunnel destroyed
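
As an added example (not part of the original posts and not accel-ppp code), this Python script measures the two timings visible in the logs quoted in this thread: the gap between an Accounting-Request and its "not responding" warning, and the retransmission schedule that keeps a tunnel alive after its session is destroyed. The function names and the abbreviated sample lines are assumptions made for illustration.

```python
import re
from datetime import datetime
# Constructed sample: abbreviated copies of the log lines quoted in this thread.
SAMPLE = """\
[2021-03-24 22:16:46]: info: l2tp0: send [RADIUS(1) Accounting-Request id=1 <Acct-Status-Type Start>]
[2021-03-24 22:16:49]: warn: l2tp0: radius: server(1) not responding
[2021-04-07 20:07:56]: info: l2tp session 42221-9, 2169-1: session destroyed
[2021-04-07 20:07:57]: info: l2tp tunnel 42221-9 (XXX.XXX.XXX.XXX:5636): retransmission #1
[2021-04-07 20:07:59]: info: l2tp tunnel 42221-9 (XXX.XXX.XXX.XXX:5636): retransmission #2
[2021-04-07 20:08:03]: info: l2tp tunnel 42221-9 (XXX.XXX.XXX.XXX:5636): retransmission #3
[2021-04-07 20:08:11]: info: l2tp tunnel 42221-9 (XXX.XXX.XXX.XXX:5636): retransmission #4
[2021-04-07 20:08:27]: info: l2tp tunnel 42221-9 (XXX.XXX.XXX.XXX:5636): retransmission #5
[2021-04-07 20:08:43]: info: l2tp tunnel 42221-9 (XXX.XXX.XXX.XXX:5636): tunnel destroyed""".splitlines()

LINE = re.compile(r"\[(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\]: \w+: (.*)")
SESSION = re.compile(r"l2tp session (\S+), \S+: session destroyed")
TUNNEL = re.compile(r"l2tp tunnel (\S+) \(.*?\): (?:retransmission #(\d+)|tunnel destroyed)")

def parse(lines):  # yield (timestamp, message) for each accel-ppp style log line
    for m in filter(None, map(LINE.match, lines)):
        yield datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"), m.group(2)

def radius_acct_timeouts(lines):
    """(interface, seconds) from each Accounting-Request to its 'not responding' warning."""
    pending, out = {}, []
    for ts, msg in parse(lines):
        ifname = msg.split(":", 1)[0]
        if ": send [RADIUS" in msg and "Accounting-Request" in msg:
            pending[ifname] = ts
        elif msg.endswith("not responding") and ifname in pending:
            out.append((ifname, int((ts - pending.pop(ifname)).total_seconds())))
    return out

def tunnel_teardown(lines):
    """Per tunnel: ([gaps between retransmissions], seconds from session end to tunnel removal)."""
    times, result = {}, {}
    for ts, msg in parse(lines):
        if s := SESSION.match(msg):
            times[s.group(1)] = [ts]
        elif (t := TUNNEL.match(msg)) and (tid := t.group(1)) in times:
            if t.group(2):  # numbered retransmission
                times[tid].append(ts)
            else:  # tunnel destroyed
                seen = times.pop(tid)
                gaps = [int((b - a).total_seconds()) for a, b in zip(seen, seen[1:])]
                result[tid] = (gaps, int((ts - seen[0]).total_seconds()))
    return result

print(radius_acct_timeouts(SAMPLE), tunnel_teardown(SAMPLE))
```

On the timestamps quoted above it reports a 3-second wait before the accounting server is marked as not responding, and retransmission gaps of 1, 2, 4, 8 and 16 seconds, with 47 seconds between the session being destroyed and the tunnel being deleted.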