Page MenuHomeVyOS Platform

l2tp, sstp, pptp add option to disable radius accounting
Closed, ResolvedPublic

Description

Currently l2tp, sstp and pptp requires accounting for radius to be enabled or the connection will be closed from the server.
Suggestion to add option:
disable-accounting
set vpn pptp remote-access authentication radius disable-accounting
set vpn l2tp remote-access authentication radius disable-accounting
set vpn sstp remote-access authentication radius disable-accounting

Details

Difficulty level
Unknown (require assessment)
Version
VyOS 1.3-rolling-202006170117
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Feature (new functionality)

Event Timeline

klase created this object in space S1 VyOS Public.

@Dmitry Your suggestions? Is it possible?
What parameter do we need to change?

@Viacheslav if we set acct-port=0 it should to disable accounting.

[radius]
server=x.x.x.x,secret,auth-port=1812,acct-port=0

PR https://github.com/vyos/vyos-1x/pull/581

Before config

vyos@r4-roll# grep "server=" /run/accel-pppd/*.conf
/run/accel-pppd/l2tp.conf:server=100.64.0.2,foo,auth-port=1812,acct-port=1813,req-limit=0,fail-time=0
/run/accel-pppd/pptp.conf:server=100.64.0.2,fo,auth-port=1812,acct-port=1813,req-limit=0,fail-time=0
/run/accel-pppd/sstp.conf:server=100.64.0.2,foo,auth-port=1812,acct-port=1813,req-limit=0,fail-time=0

Configure disable radius option

vyos@r4-roll# set vpn l2tp remote-access authentication radius server 100.64.0.2 disable-accounting
[edit]
vyos@r4-roll# set vpn sstp authentication radius server 100.64.0.2 disable-accounting
[edit]
vyos@r4-roll# set vpn pptp remote-access authentication radius server 100.64.0.2 disable-accounting
[edit]
vyos@r4-roll# commit
[edit]
vyos@r4-roll#

Configs after commit

vyos@r4-roll# grep "server=" /run/accel-pppd/*.conf
/run/accel-pppd/l2tp.conf:server=100.64.0.2,foo,auth-port=1812,acct-port=0,req-limit=0,fail-time=0
/run/accel-pppd/pptp.conf:server=100.64.0.2,fo,auth-port=1812,acct-port=0,req-limit=0,fail-time=0
/run/accel-pppd/sstp.conf:server=100.64.0.2,foo,auth-port=1812,acct-port=0,req-limit=0,fail-time=0
[edit]
vyos@r4-roll#

@klase Check these options in the next rolling release (after 20201027)

set vpn l2tp remote-access authentication radius server 100.64.0.2 disable-accounting
set vpn sstp authentication radius server 100.64.0.2 disable-accounting
set vpn pptp remote-access authentication radius server 100.64.0.2 disable-accounting

I will check it tomorrow and verify operation. Thank you!

I have tested both SSTP and L2TP and it works as expected - thank you for this addition!

erkin set Issue type to Feature (new functionality).Aug 29 2021, 2:11 PM
erkin removed a subscriber: Active contributors.