AAA over IPv6

Radius related questions
Post Reply
nasirkamal
Posts: 17
Joined: 27 Nov 2017, 08:49

AAA over IPv6

Post by nasirkamal »

Hi,

I'm trying to connect clients with Accel over IPv6 protocol. The issue is that client is sending PADI packets to Accel but Accel is not replying with PADO packets because of which there is no IPv6 assignment to clients. The screenshot of messages that are being exchanged is attached for your review and feedback.

Code: Select all

Plugin rp-pppoe.so loaded.
pppd options in effect:
debug           # (from /etc/ppp/options)
updetach                # (from /etc/ppp/options)
persist         # (from /etc/ppp/peers/dsl-provider)
dump            # (from /etc/ppp/options)
plugin rp-pppoe.so              # (from /etc/ppp/peers/dsl-provider)
noauth          # (from /etc/ppp/peers/dsl-provider)
user user-ILV           # (from /etc/ppp/peers/dsl-provider)
ens3            # (from /etc/ppp/peers/dsl-provider)
ens3            # (from /etc/ppp/peers/dsl-provider)
asyncmap 0              # (from /etc/ppp/options)
lcp-echo-failure 4              # (from /etc/ppp/options)
lcp-echo-interval 30            # (from /etc/ppp/options)
hide-password           # (from /etc/ppp/peers/dsl-provider)
noipdefault             # (from /etc/ppp/peers/dsl-provider)
defaultroute            # (from /etc/ppp/peers/dsl-provider)
replacedefaultroute             # (from /etc/ppp/peers/dsl-provider)
usepeerdns              # (from /etc/ppp/peers/dsl-provider)
+ipv6           # (from /etc/ppp/options)
noipx           # (from /etc/ppp/options)
Send PPPOE Discovery V1T1 PADI session 0x0 length 12
 dst ff:ff:ff:ff:ff:ff  src 52:54:00:f7:f7:07
 [service-name] [host-uniq  7c 48 00 00]
Send PPPOE Discovery V1T1 PADI session 0x0 length 12
 dst ff:ff:ff:ff:ff:ff  src 52:54:00:f7:f7:07
 [service-name] [host-uniq  7c 48 00 00]
Send PPPOE Discovery V1T1 PADI session 0x0 length 12
 dst ff:ff:ff:ff:ff:ff  src 52:54:00:f7:f7:07
 [service-name] [host-uniq  7c 48 00 00]
Timeout waiting for PADO packets
Unable to complete PPPoE Discovery
Send PPPOE Discovery V1T1 PADI session 0x0 length 12
 dst ff:ff:ff:ff:ff:ff  src 52:54:00:f7:f7:07
 [service-name] [host-uniq  7c 48 00 00]
Send PPPOE Discovery V1T1 PADI session 0x0 length 12
 dst ff:ff:ff:ff:ff:ff  src 52:54:00:f7:f7:07
 [service-name] [host-uniq  7c 48 00 00]
Send PPPOE Discovery V1T1 PADI session 0x0 length 12
 dst ff:ff:ff:ff:ff:ff  src 52:54:00:f7:f7:07
 [service-name] [host-uniq  7c 48 00 00]
Timeout waiting for PADO packets
Unable to complete PPPoE Discovery
Send PPPOE Discovery V1T1 PADI session 0x0 length 12
 dst ff:ff:ff:ff:ff:ff  src 52:54:00:f7:f7:07
 [service-name] [host-uniq  7c 48 00 00]
Send PPPOE Discovery V1T1 PADI session 0x0 length 12
 dst ff:ff:ff:ff:ff:ff  src 52:54:00:f7:f7:07
 [service-name] [host-uniq  7c 48 00 00]
Send PPPOE Discovery V1T1 PADI session 0x0 length 12
 dst ff:ff:ff:ff:ff:ff  src 52:54:00:f7:f7:07
 [service-name] [host-uniq  7c 48 00 00]

Dmitry
Администратор
Posts: 954
Joined: 09 Oct 2014, 10:06

Re: AAA over IPv6

Post by Dmitry »

hi
1. check with tcpdump/wireshark that server reveices PADI on desired interface
2. make sure you specify that interface in accel-ppp.conf
[pppoe]
interface=ethX
3. make sure you load pppoe module
[modules]
pppoe
4. set verbose logging
[pppoe]
verbose=1
[ppp]
verbose=1
[log]
level=5
and show log messages here
nasirkamal
Posts: 17
Joined: 27 Nov 2017, 08:49

Re: AAA over IPv6

Post by nasirkamal »

I double checked the options in accel-ppp.conf as you instructed. And set verbosity.

I am using ens4 for listening to pppoe connections in the conf file.
Here is the tcpdump from interface ens4.

Code: Select all

11:55:50.789783 STP 802.1d, Config, Flags [none], bridge-id 8000.52:54:00:25:c1:f5.8002, length 43
11:55:51.459202 PPPoE PADI [Service-Name] [Host-Uniq 0x0A4D0000]
11:55:52.789699 STP 802.1d, Config, Flags [none], bridge-id 8000.52:54:00:25:c1:f5.8002, length 43
11:55:54.789775 STP 802.1d, Config, Flags [none], bridge-id 8000.52:54:00:25:c1:f5.8002, length 43
11:55:56.471425 PPPoE PADI [Service-Name] [Host-Uniq 0x0A4D0000]
11:55:56.789514 STP 802.1d, Config, Flags [none], bridge-id 8000.52:54:00:25:c1:f5.8002, length 43
11:55:58.789733 STP 802.1d, Config, Flags [none], bridge-id 8000.52:54:00:25:c1:f5.8002, length 43
11:56:00.789753 STP 802.1d, Config, Flags [none], bridge-id 8000.52:54:00:25:c1:f5.8002, length 43
11:56:02.789716 STP 802.1d, Config, Flags [none], bridge-id 8000.52:54:00:25:c1:f5.8002, length 43
11:56:04.789882 STP 802.1d, Config, Flags [none], bridge-id 8000.52:54:00:25:c1:f5.8002, length 43
11:56:06.484259 PPPoE PADI [Service-Name] [Host-Uniq 0x0A4D0000]
11:56:06.789724 STP 802.1d, Config, Flags [none], bridge-id 8000.52:54:00:25:c1:f5.8002, length 43
11:56:08.790067 STP 802.1d, Config, Flags [none], bridge-id 8000.52:54:00:25:c1:f5.8002, length 43
11:56:10.789662 STP 802.1d, Config, Flags [none], bridge-id 8000.52:54:00:25:c1:f5.8002, length 43
Only lines in emerg.log after this test:

Code: Select all

iprange: iprange module disabled so improper ip address assigning may cause kernel soft lockup!
radius: failed to parse dae-server
I defined the radius server in accel-ppp.conf file with:

Code: Select all

[radius]
nas-identifier=accel-ppp
nas-ip-addres=2001:bb::1
server=2001:cc::1,xflow,auth-port=1812,acct-port=1813,req-limit=0,fail-time=0,weight=1
dae-server=[2001:cc::1]:3799,xflow
Moreover, commenting out radius and setting any-login and no-auth as 1, the client was connected.
Dmitry
Администратор
Posts: 954
Joined: 09 Oct 2014, 10:06

Re: AAA over IPv6

Post by Dmitry »

i understand, you try to access radius by ipv6 address
this is not supported yet
Post Reply