Pool IPv6 + Radius

Tig.com
Posts: 1
Joined: 03 Mar 2020, 03:04

Post by Tig.com »

Hello,
I'm trying to implement Accel-PPP for PPPoE with FreeRadius 3. Could someone help me?
I am looking to assign the PPPoE client connection to the IPv6 /56 or /48 pool! I didn't find documentation talking about Delegate-IPv6-Prefix and Framed-IPv6-Prefix.
I can only deliver an IPv6 pool when I set it up manually, without going through Radius.

In this way it assigns a block from this manual pool:

```
[ipv6-pool]
2001:db8:8030::/48,64
delegate=2001:db8:8040::/48,56
```

I tried this way to get the radius attributes, but it doesn't work:

```
attr=Delegated-IPv6-Prefix
```

or

```
attr-prefix=Delegated-IPv6-Prefix-Pool
```

dimka88
Posts: 866
Joined: 13 Oct 2014, 05:51

Re: Pool IPv6 + Radius

Post by dimka88 »

Hello,
Did you try setting `[log]level=5`? Also add `verbose=1` to the `[radius]` section and other sections. This feature should work.

rodrigoyoshioka
Posts: 4
Joined: 17 Mar 2020, 13:25

Re: Pool IPv6 + Radius

Post by rodrigoyoshioka »

Hi, I'm facing the same problem. IPv6 works fine if I set the addresses in the conf file. If I configure pools from radius, it doesn't work.

I've already set verbose and log level in order to try to solve it, but it wasn't clear where exactly the problem is.

I've tried with attr-prefix and attr-address in the conf and without them.

Can anyone help?


Thanks.

My pool conf.

```
[ipv6-pool]
gw-ip6-address=2804:ABC:9:22::2
attr-prefix=Framed-IPv6-Pool
attr-address=ERX-IPv6-Delegated-Pool-Name
2804:ABC:14::/48,64,name=prefixdelegation
fd00::/48,64,name=acesso_negadov6
delegate=2804:ABC:15::/48,64,name=dhcp-pd
```

My radius conf.

```
MariaDB [radius]> select * from radreply where username='rodrigohotspot@clickrede.com.br';
+---------+---------------------------------+------------------------------+----+------------------+
| id      | username                        | attribute                    | op | value            |
+---------+---------------------------------+------------------------------+----+------------------+
| 1668232 | rodrigohotspot@clickrede.com.br | ERX-IPv6-Delegated-Pool-Name | == | dhcp-pd          |
| 1668233 | rodrigohotspot@clickrede.com.br | Mikrotik-Rate-Limit          | := | 540000k/540000k  |
| 1668234 | rodrigohotspot@clickrede.com.br | Framed-IPv6-Pool             | := | prefixdelegation |
| 1668235 | rodrigohotspot@clickrede.com.br | Framed-Pool                  | := | ippublico        |
+---------+---------------------------------+------------------------------+----+------------------+
```

The Debug log.

[2020-03-17 10:35:26.010] pppoe0: fdfd365fa41e8295: send [RADIUS(1) Accounting-Request id=2 <User-Name "rodrigohotspot@abc.com.br"> <NAS-Identifier "add-pppoe-01"> <NAS-IP-Address 172.16.14.222> <NAS-Port 0> <NAS-Port-Id "pppoe0"> <NAS-Port-Type Virtual> <Service-Type Framed-User> <Framed-Protocol PPP> <Calling-Station-Id "d8:0d:17:16:e0:61"> <Called-Station-Id "bond0.999:00:1b:21:bd:06:86"> <Acct-Status-Type Stop> <Acct-Authentic RADIUS> <Acct-Session-Id "fdfd365fa41e8295"> <Acct-Session-Time 23> <Acct-Input-Octets 1785> <Acct-Output-Octets 543> <Acct-Input-Packets 31> <Acct-Output-Packets 12> <Acct-Input-Gigawords 0> <Acct-Output-Gigawords 0> <Framed-IP-Address 186.194.186.222> <Framed-Interface-Id 200:0:0:0> <Acct-Terminate-Cause User-Request>]
[2020-03-17 10:35:26.013] pppoe0: fdfd365fa41e8295: radius(1): req_exit 0
[2020-03-17 10:35:26.013] pppoe0: fdfd365fa41e8295: recv [RADIUS(1) Accounting-Response id=2]
[2020-03-17 10:35:26.036] bond0.999: recv [PPPoE PADT d8:0d:17:16:e0:61 => 00:1b:21:bd:06:86 sid=0780 <Host-Uniq 00007286> <AC-Cookie 1e0d55d54e107990eb8f4d6109b9795011acfcb44d704941>]
[2020-03-17 10:35:26.048] pppoe0: fdfd365fa41e8295: pppoe: ppp finished
[2020-03-17 10:35:26.048] pppoe0: fdfd365fa41e8295: lcp_layer_free
[2020-03-17 10:35:26.048] pppoe0: fdfd365fa41e8295: auth_layer_free
[2020-03-17 10:35:26.048] pppoe0: fdfd365fa41e8295: ccp_layer_free
[2020-03-17 10:35:26.048] pppoe0: fdfd365fa41e8295: ipcp_layer_free
[2020-03-17 10:35:26.048] pppoe0: fdfd365fa41e8295: ipv6cp_layer_free
[2020-03-17 10:35:26.048] pppoe0: fdfd365fa41e8295: ppp destablished
[2020-03-17 10:35:26.048] bond0.999: send [PPPoE PADT 00:1b:21:bd:06:86 => d8:0d:17:16:e0:61 sid=0780 <AC-Name ADD-PPPOE-01> <Service-Name >]
[2020-03-17 10:35:26.048] pppoe0: fdfd365fa41e8295: disconnected
[2020-03-17 10:35:26.809] bond0.999: recv [PPPoE PADI d8:0d:17:16:e0:61 => ff:ff:ff:ff:ff:ff sid=0000 <Service-Name > <Host-Uniq 000078ac>]
[2020-03-17 10:35:26.809] bond0.999: send [PPPoE PADO 00:1b:21:bd:06:86 => d8:0d:17:16:e0:61 sid=0000 <AC-Name ADD-PPPOE-01> <Service-Name > <AC-Cookie 1e0d55d54e107990eb8f4d6109b9795057ea0b03b1492d3e> <Host-Uniq 000078ac>]
[2020-03-17 10:35:26.813] bond0.999: recv [PPPoE PADR d8:0d:17:16:e0:61 => 00:1b:21:bd:06:86 sid=0000 <Service-Name > <Host-Uniq 000078ac> <AC-Cookie 1e0d55d54e107990eb8f4d6109b9795057ea0b03b1492d3e>]
[2020-03-17 10:35:26.813] bond0.999: send [PPPoE PADS 00:1b:21:bd:06:86 => d8:0d:17:16:e0:61 sid=07c0 <AC-Name ADD-PPPOE-01> <Service-Name > <Host-Uniq 000078ac>]
[2020-03-17 10:35:26.814] bond0.999: : lcp_layer_init
[2020-03-17 10:35:26.814] bond0.999: : auth_layer_init
[2020-03-17 10:35:26.814] bond0.999: : ccp_layer_init
[2020-03-17 10:35:26.814] bond0.999: : ipcp_layer_init
[2020-03-17 10:35:26.814] bond0.999: : ipv6cp_layer_init
[2020-03-17 10:35:26.814] bond0.999: : ppp establishing
[2020-03-17 10:35:26.814] bond0.999: fdfd365fa41e8296: lcp_layer_start
[2020-03-17 10:35:26.814] bond0.999: fdfd365fa41e8296: send [LCP ConfReq id=b1 <auth CHAP-md5> <mru 1400> <magic 640d5b05>]
[2020-03-17 10:35:26.959] bond0.999: fdfd365fa41e8296: recv [LCP ConfReq id=1 <mru 1480> <magic ccb95778>]
[2020-03-17 10:35:26.959] bond0.999: fdfd365fa41e8296: send [LCP ConfAck id=1 ]
[2020-03-17 10:35:29.814] bond0.999: fdfd365fa41e8296: fsm timeout 9
[2020-03-17 10:35:29.814] bond0.999: fdfd365fa41e8296: send [LCP ConfReq id=b1 <auth CHAP-md5> <mru 1400> <magic 640d5b05>]
[2020-03-17 10:35:29.816] bond0.999: fdfd365fa41e8296: recv [LCP ConfAck id=b1 <auth CHAP-md5> <mru 1400> <magic 640d5b05>]
[2020-03-17 10:35:29.816] bond0.999: fdfd365fa41e8296: lcp_layer_started
[2020-03-17 10:35:29.816] bond0.999: fdfd365fa41e8296: auth_layer_start
[2020-03-17 10:35:29.816] bond0.999: fdfd365fa41e8296: send [CHAP Challenge id=1 <c7cefa9995f784f40b6d298edb947c8>]
[2020-03-17 10:35:29.816] bond0.999: fdfd365fa41e8296: recv [LCP EchoReq id=0 <magic ccb95778>]
[2020-03-17 10:35:29.816] bond0.999: fdfd365fa41e8296: send [LCP EchoRep id=0 <magic 640d5b05>]
[2020-03-17 10:35:29.850] bond0.999: fdfd365fa41e8296: recv [CHAP Response id=1 <11243ac07a56e4206a186672ec8fcb4d>, name="rodrigohotspot@abc.com.br"]
[2020-03-17 10:35:29.850] bond0.999: fdfd365fa41e8296: radius(1): req_enter 1
[2020-03-17 10:35:29.850] bond0.999: fdfd365fa41e8296: send [RADIUS(1) Access-Request id=1 <User-Name "rodrigohotspot@abc.com.br"> <NAS-Identifier "add-pppoe-01"> <NAS-IP-Address 172.16.14.222> <NAS-Port-Type Virtual> <Service-Type Framed-User> <Framed-Protocol PPP> <Calling-Station-Id "d8:0d:17:16:e0:61"> <Called-Station-Id "bond0.999:00:1b:21:bd:06:86"> <CHAP-Challenge 0xc7cefa99950f784f40b6d298edb947c8> <CHAP-Password 0x0111243ac07a56e4206a186672ec8fcb4d>]
[2020-03-17 10:35:29.853] bond0.999: fdfd365fa41e8296: radius(1): req_exit 0
[2020-03-17 10:35:29.853] bond0.999: fdfd365fa41e8296: recv [RADIUS(1) Access-Accept id=1 <Mikrotik-Rate-Limit "540000k/540000k"> <Framed-IPv6-Pool "prefixdelegation"> <Framed-Pool "ippublico">]
[2020-03-17 10:35:29.853] ppp0: fdfd365fa41e8296: connect: ppp0 <--> pppoe(d8:0d:17:16:e0:61)
[2020-03-17 10:35:29.853] ppp0: fdfd365fa41e8296: ppp connected
[2020-03-17 10:35:29.853] ppp0: fdfd365fa41e8296: send [CHAP Success id=1 "Authentication succeeded"]
[2020-03-17 10:35:29.853] ppp0: fdfd365fa41e8296: auth_layer_started
[2020-03-17 10:35:29.853] ppp0: fdfd365fa41e8296: ccp_layer_start
[2020-03-17 10:35:29.853] ppp0: fdfd365fa41e8296: ipcp_layer_start
[2020-03-17 10:35:29.853] ppp0: fdfd365fa41e8296: send [IPCP ConfReq id=c4 <addr 187.95.0.230>]
[2020-03-17 10:35:29.853] ppp0: fdfd365fa41e8296: ipv6cp_layer_start
[2020-03-17 10:35:29.853] ppp0: fdfd365fa41e8296: rodrigohotspot@abc.com.br: authentication succeeded
[2020-03-17 10:35:29.879] ppp0: fdfd365fa41e8296: recv [IPCP ConfReq id=1 <addr 0.0.0.0> <dns1 0.0.0.0> <dns2 0.0.0.0>]
[2020-03-17 10:35:29.879] ppp0: fdfd365fa41e8296: send [IPCP ConfRej id=1 <dns2 0.0.0.0>]
[2020-03-17 10:35:29.879] ppp0: fdfd365fa41e8296: recv [IPV6CP ConfReq id=1 <addr a503:7a3f:cca7:6b2b>]
[2020-03-17 10:35:29.879] ppp0: fdfd365fa41e8296: send [IPV6CP ConfReq id=1 <addr 100:0:0:0>]
[2020-03-17 10:35:29.879] ppp0: fdfd365fa41e8296: send [IPV6CP ConfNak id=1 <addr 200:0:0:0>]
[2020-03-17 10:35:29.879] ppp0: fdfd365fa41e8296: recv [IPCP ConfAck id=c4 <addr 187.0.0.230>]
[2020-03-17 10:35:29.881] ppp0: fdfd365fa41e8296: recv [IPCP ConfReq id=2 <addr 0.0.0.0> <dns1 0.0.0.0>]
[2020-03-17 10:35:29.881] ppp0: fdfd365fa41e8296: send [IPCP ConfNak id=2 <addr 186.0.0.223> <dns1 187.0.0.8>]
[2020-03-17 10:35:29.882] ppp0: fdfd365fa41e8296: recv [IPV6CP ConfAck id=1 <addr 100:0:0:0>]
[2020-03-17 10:35:29.882] ppp0: fdfd365fa41e8296: recv [IPV6CP ConfReq id=2 <addr 200:0:0:0>]
[2020-03-17 10:35:29.882] ppp0: fdfd365fa41e8296: send [IPV6CP ConfAck id=2]
[2020-03-17 10:35:29.882] ppp0: fdfd365fa41e8296: ipv6cp_layer_started
[2020-03-17 10:35:29.884] ppp0: fdfd365fa41e8296: recv [IPCP ConfReq id=3 <addr 186.0.0.223> <dns1 187.0.0.8>]
[2020-03-17 10:35:29.884] ppp0: fdfd365fa41e8296: send [IPCP ConfAck id=3]
[2020-03-17 10:35:29.884] ppp0: fdfd365fa41e8296: ipcp_layer_started
[2020-03-17 10:35:29.897] ppp0: fdfd365fa41e8296: rename interface to 'pppoe0'
[2020-03-17 10:35:29.897] pppoe0: fdfd365fa41e8296: radius(1): req_enter 1
[2020-03-17 10:35:29.897] pppoe0: fdfd365fa41e8296: send [RADIUS(1) Accounting-Request id=1 <User-Name "rodrigohotspot@abc.com.br"> <NAS-Identifier "add-pppoe-01"> <NAS-IP-Address 172.16.14.222> <NAS-Port 0> <NAS-Port-Id "pppoe0"> <NAS-Port-Type Virtual> <Service-Type Framed-User> <Framed-Protocol PPP> <Calling-Station-Id "d8:0d:17:16:e0:61"> <Called-Station-Id "bond0.999:00:1b:21:bd:06:86"> <Acct-Status-Type Start> <Acct-Authentic RADIUS> <Acct-Session-Id "fdfd365fa41e8296"> <Acct-Session-Time 0> <Acct-Input-Octets 0> <Acct-Output-Octets 0> <Acct-Input-Packets 0> <Acct-Output-Packets 0> <Acct-Input-Gigawords 0> <Acct-Output-Gigawords 0> <Framed-IP-Address 186.0.0.223> <Framed-Interface-Id 200:0:0:0>]
[2020-03-17 10:35:29.899] pppoe0: fdfd365fa41e8296: radius(1): req_exit 0
[2020-03-17 10:35:29.900] pppoe0: fdfd365fa41e8296: recv [RADIUS(1) Accounting-Response id=1]
[2020-03-17 10:35:29.903] pppoe0: fdfd365fa41e8296: shaper: installed shaper 540000/540000 (Kbit)
[2020-03-17 10:35:29.903] pppoe0: fdfd365fa41e8296: pppoe: ppp started
[2020-03-17 10:35:39.825] pppoe0: fdfd365fa41e8296: recv [LCP EchoReq id=1 <magic ccb95778>]
[2020-03-17 10:35:39.825] pppoe0: fdfd365fa41e8296: send [LCP EchoRep id=1 <magic 640d5b05>]
rodrigoyoshioka
Posts: 4
Joined: 17 Mar 2020, 13:25

Re: Pool IPv6 + Radius

Post by rodrigoyoshioka »

Hi, to add more information, I realized that when I enable attr-address and include the name attribute in the prefix, I get this error in the log.

```
[2020-03-17 11:00:59]:  info: pppoe0: recv [DHCPv6 Solicit XID=b1dcc4 <Client-ID 3:0001d80d1716e061> <IA-NA 1 T1=0 T2=0> <Elapsed-Time 100663296> <Option-Request DNS> <IA-PD 1 T1=0 T2=0>]
[2020-03-17 11:00:59]:  warn: failed to load vlan_mon module
[2020-03-17 11:00:59]: debug: libnetlink: RTNETLINK answers: No such file or directory
[2020-03-17 11:00:59]: error: genl: error talking to kernel
[2020-03-17 11:00:59]:  warn: vlan_mon: kernel module is not loaded
```

I didn't compile the vlan_mon and IPoE modules since I won't use them. And I'm using the CentOS 8 distro.


Thanks.
dimka88
Posts: 866
Joined: 13 Oct 2014, 05:51

Re: Pool IPv6 + Radius

Post by dimka88 »

Hi, just ignore the vlan_mon and ipoe warnings.
Did you try sending `ERX-IPv6-Delegated-Pool-Name=dhcp-pd` and `Framed-IPv6-Pool=prefixdelegation`?
But if you want to use only SLAAC on the client, try setting

```
[ipv6-nd]
AdvAutonomousFlag=1
```

rodrigoyoshioka
Posts: 4
Joined: 17 Mar 2020, 13:25

Re: Pool IPv6 + Radius

Post by rodrigoyoshioka »

dimka88 wrote: 17 Mar 2020, 15:03
> Did you try sending `ERX-IPv6-Delegated-Pool-Name=dhcp-pd` and `Framed-IPv6-Pool=prefixdelegation`?

Hi, you mean, set this var directly in the conf file? I tried after your message, but then accel-ppp didn't start.

```
[2020-03-17 14:09:01]: error: ipv6_pool: failed to parse 'ERX-IPv6-Delegated-Pool-Name'
[2020-03-17 14:09:01]: error: ipv6_pool: failed to parse 'Framed-IPv6-Pool'
```

In addition, I realized that the attributes and values were inverted. So I changed to:

```
attr-prefix=ERX-IPv6-Delegated-Pool-Name
attr-address=Framed-IPv6-Pool
```

But now, when a pppoe authenticates, it gets ip6, but not dhcp.

```
[root@pbe-pppoe-0 suporte]# accel-cmd show sessions "ifname,sid,username,calling-sid,ip,ip6,ip6-dp,rate-limit,type,state,uptime"
 ifname |        sid       |            username             |    calling-sid    |       ip        |           ip6          | ip6-dp |  rate-limit   | type  | state  |  uptime
--------+------------------+---------------------------------+-------------------+-----------------+------------------------+--------+---------------+-------+--------+----------
 pppoe0 | fdfd365fa41fa424 | rodrigohotspot@clickrede.com.br | d8:0d:17:16:e0:61 | 186.000.000.192 | 2804:abc:14:0:200::/64 |        | 540000/540000 | pppoe | active | 00:00:04
```

And next, the connection is closed.

I believe that it should be a misconfiguration or problem or bug only in dhcp-v6 pool, but I have no idea how to solve it.

Just to update, it's CentOS 7, not 8 as I said earlier.

rodrigoyoshioka
Posts: 4
Joined: 17 Mar 2020, 13:25

Re: Pool IPv6 + Radius

Post by rodrigoyoshioka »

Hi again,

One important update.

```
MariaDB [radius]> select * from radreply where username='rodrigohotspot@clickrede.com.br';
+---------+---------------------------------+----------------------------+----+------------------+
| id      | username                        | attribute                  | op | value            |
+---------+---------------------------------+----------------------------+----+------------------+
| 1668232 | rodrigohotspot@clickrede.com.br | Delegated-IPv6-Prefix-Pool | := | dhcp-pd          |
| 1668233 | rodrigohotspot@clickrede.com.br | Mikrotik-Rate-Limit        | := | 540000k/540000k  |
| 1668234 | rodrigohotspot@clickrede.com.br | Framed-IPv6-Pool           | := | prefixdelegation |
| 1668235 | rodrigohotspot@clickrede.com.br | Framed-Pool                | := | ippublico        |
+---------+---------------------------------+----------------------------+----+------------------+
```

If I set the attribute as in the documentation, it works.
The issue happens when I use a different attribute. I added the attribute "ERX-IPv6-Delegated-Pool-Name" to the dictionary, but even so it still doesn't work.

I will try to work around this issue in order to keep radius working with the vendors I have as pppoe-server.


Thanks.
dimka88
Posts: 866
Joined: 13 Oct 2014, 05:51

Re: Pool IPv6 + Radius

Post by dimka88 »

Hi, you need to add these attributes to the accel-ppp and radius server dictionaries. Note: the attribute IDs must not be allocated to other attributes.
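
Added example, not part of the thread and not accel-ppp code: a Python check that compares an `[ipv6-pool]` section with the attributes accel-ppp logged in an Access-Accept, the comparison the debug log above calls for (that Access-Accept shows `Framed-IPv6-Pool` but no `ERX-IPv6-Delegated-Pool-Name`). It assumes `attr-address` names a regular pool and `attr-prefix` a `delegate=` pool, as the session output in the thread suggests; the config and log line are constructed samples modelled on the posts.

```python
import re

# Constructed samples modelled on the config and Access-Accept quoted in the thread.
CONF = """\
[ipv6-pool]
attr-prefix=ERX-IPv6-Delegated-Pool-Name
attr-address=Framed-IPv6-Pool
2804:ABC:14::/48,64,name=prefixdelegation
delegate=2804:ABC:15::/48,64,name=dhcp-pd
"""
ACCEPT = ('recv [RADIUS(1) Access-Accept id=1 <Mikrotik-Rate-Limit "540000k/540000k"> '
          '<Framed-IPv6-Pool "prefixdelegation"> <Framed-Pool "ippublico">]')

def parse_pool_section(conf):
    """Return (attr options, address pool names, delegate pool names) of [ipv6-pool]."""
    attrs, addr, deleg, inside = {}, set(), set(), False
    for line in conf.splitlines():
        line = line.strip()
        if line.startswith("["):
            inside = line == "[ipv6-pool]"
            continue
        if not inside or not line:
            continue
        if line.startswith(("attr-prefix=", "attr-address=")):
            key, value = line.split("=", 1)
            attrs[key] = value
            continue
        m = re.search(r",name=([^,\s]+)", line)
        if m:  # named pool; assumption: delegate= lines are the prefix-delegation pools
            (deleg if line.startswith("delegate=") else addr).add(m.group(1))
    return attrs, addr, deleg

def parse_reply(log_line):
    """Extract attribute -> value from accel-ppp's '<Name "value">' log format."""
    return dict(re.findall(r'<([\w-]+) "?([^">]*)"?>', log_line))

def check(conf, log_line):
    """List mismatches between the configured attr-* options and the logged reply."""
    attrs, addr, deleg = parse_pool_section(conf)
    reply, problems = parse_reply(log_line), []
    for key, pools in (("attr-address", addr), ("attr-prefix", deleg)):
        name = attrs.get(key)
        if name is None:
            continue  # option not set in this section: nothing to compare
        if name not in reply:
            problems.append(f"{key}: {name} not in Access-Accept")
        elif reply[name] not in pools:
            problems.append(f"{key}: pool '{reply[name]}' not defined")
    return problems
```
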