IPoE + radius + change + ip address

IPoE related questions
Post Reply
giganet
Posts: 5
Joined: 08 Mar 2021, 09:26

IPoE + radius + change + ip address

Post by giganet »

Currently, IPoE has freeradius authentication.

As long as the ipoe interface is alive and the lease-time expires, accel-ppp will not send a new request to freeradius.

This is a problem because if you change the IP it will not get to the client.

How can this be solved?

ipoe config:

Code: Select all

[ipoe]
gw-ip-address=2.2.2.1/24
gw-ip-address=3.3.3.1/24
verbose=1
username=lua:username
lease-time=120
renew-time=60
max-lease-time=240
unit-cache=0
shared=1
ifcfg=1
mode=L2
start=dhcpv4
ip-unnumbered=1
proxy-arp=1
vendor=Mikrotik
attr-dhcp-opt82=DHCP-Option82
attr-dhcp-opt82-remote-id=DHCP-Agent-Remote-Id
attr-dhcp-opt82-circuit-id=DHCP-Agent-Circuit-Id
lua-file=/etc/accel-ppp.lua
soft-terminate=1
check-mac-change=1
interface=ens4.15
interface=ens4.70
interface=ens4.55
radius config:

Code: Select all

[radius]
nas-identifier=accel-ppp
nas-ip-address=127.0.0.1
gw-ip-address=10.1.0.2
server=127.0.0.1,testing123,auth-port=1812,acct-port=1813,req-limit=50,fail-timeout=0,max-fail=10,weight=1
dae-server=127.0.0.1:3799,testing123
verbose=1
dimka88
Posts: 866
Joined: 13 Oct 2014, 05:51
Contact:

Re: IPoE + radius + change + ip address

Post by dimka88 »

Hello, I think you need to use CoA/PoD to drop user session. After then, user will send a NEW DHCP Discover packet
giganet
Posts: 5
Joined: 08 Mar 2021, 09:26

Re: IPoE + radius + change + ip address

Post by giganet »

How ?

The client will only send updates at first, discovery will occur if no response is received.
In turn, you get answers to renewals.
dimka88
Posts: 866
Joined: 13 Oct 2014, 05:51
Contact:

Re: IPoE + radius + change + ip address

Post by dimka88 »

Set [ipoe]soft-terminate=1
FYI. Accel-ppp should send NAK if it receives 3 DHCPOFFER with the same XID
giganet
Posts: 5
Joined: 08 Mar 2021, 09:26

Re: IPoE + radius + change + ip address

Post by giganet »

According to the attached configuration, it is enabled but has no effect.

If I abort the session, it disconnects the ipoe connection at the next renew, but the client is left without a net and gets an IP after a few renews.

I would need a more continuous / faster option, 1-2 ping loss maximum.
dimka88
Posts: 866
Joined: 13 Oct 2014, 05:51
Contact:

Re: IPoE + radius + change + ip address

Post by dimka88 »

I think you need to check accel-ppp logs and DHCP packets. When accel-ppp sends NAK, the client must send DHCP Discover.
Post Reply