Page MenuHomeVyOS Platform

accel-ppp: pppoe implementation
Closed, ResolvedPublicFEATURE REQUEST

Details

Difficulty level
Unknown (require assessment)
Version
-
Why the issue appeared?
Will be filled on close

Related Objects

StatusSubtypeAssignedTask
ResolvedFEATURE REQUESThagbard
ResolvedFEATURE REQUESThagbard
ResolvedFEATURE REQUESThagbard

Event Timeline

hagbard triaged this task as Normal priority.Sep 6 2018, 7:23 PM
hagbard created this task.

Sep 19 21:59:29 vyos accel-pptp: accel-ppp version f7074fe7acf69faab1eec87d97e50df20551429f
Sep 19 21:59:47 vyos accel-pptp: eth1: recv [PPPoE PADI 08:00:27:2c:86:02 => ff:ff:ff:ff:ff:ff sid=0000 <Service-Name > <Host-Uniq 320c0000>]
Sep 19 21:59:47 vyos accel-pptp: eth1: send [PPPoE PADO 08:00:27:5e:e4:00 => 08:00:27:2c:86:02 sid=0000 <AC-Name accel-ppp> <Service-Name > <AC-Cookie fd6d0db4854a2b3bd035dbf33d805ede449c128c52364d1a> <Host-Uniq 320c0000>]
Sep 19 21:59:47 vyos accel-pptp: eth1: recv [PPPoE PADR 08:00:27:2c:86:02 => 08:00:27:5e:e4:00 sid=0000 <Service-Name > <Host-Uniq 320c0000> <AC-Cookie fd6d0db4854a2b3bd035dbf33d805ede449c128c52364d1a>]
Sep 19 21:59:47 vyos accel-pptp: eth1: send [PPPoE PADS 08:00:27:5e:e4:00 => 08:00:27:2c:86:02 sid=0001 <AC-Name accel-ppp> <Service-Name > <Host-Uniq 320c0000>]
Sep 19 21:59:47 vyos accel-pptp: eth1:: lcp_layer_init
Sep 19 21:59:47 vyos accel-pptp: eth1:: auth_layer_init
Sep 19 21:59:47 vyos accel-pptp: eth1:: ccp_layer_init
Sep 19 21:59:47 vyos accel-pptp: eth1:: ipcp_layer_init
Sep 19 21:59:47 vyos accel-pptp: eth1:: ipv6cp_layer_init
Sep 19 21:59:47 vyos accel-pptp: eth1:: ppp establishing
Sep 19 21:59:47 vyos accel-pptp: eth1:: lcp_layer_start
Sep 19 21:59:50 vyos accel-pptp: eth1:: fsm timeout 9
Sep 19 21:59:50 vyos accel-pptp: eth1:: lcp_layer_started
Sep 19 21:59:50 vyos accel-pptp: eth1:: auth_layer_start
Sep 19 21:59:50 vyos accel-pptp: ppp0:test123: connect: ppp0 <--> pppoe(08:00:27:2c:86:02)
Sep 19 21:59:50 vyos accel-pptp: ppp0:test123: ppp connected
Sep 19 21:59:50 vyos accel-pptp: ppp0:test123: auth_layer_started
Sep 19 21:59:50 vyos accel-pptp: ppp0:test123: ccp_layer_start
Sep 19 21:59:50 vyos accel-pptp: ppp0:test123: ipcp_layer_start
Sep 19 21:59:50 vyos accel-pptp: ppp0:test123: ipv6cp_layer_start
Sep 19 21:59:50 vyos accel-pptp: ppp0:test123: test123: authentication succeeded
Sep 19 21:59:50 vyos accel-pptp: ppp0:test123: ipcp_layer_started
Sep 19 21:59:50 vyos accel-pptp: ppp0:test123: pppoe: ppp started
Sep 19 21:59:50 vyos charon: 09[KNL] 192.168.0.1 appeared on ppp0
Sep 19 21:59:50 vyos charon: 11[KNL] 192.168.0.1 disappeared from ppp0
Sep 19 21:59:50 vyos charon: 13[KNL] 192.168.0.1 appeared on ppp0
Sep 19 21:59:50 vyos charon: 15[KNL] interface ppp0 activated
Sep 19 21:59:50 vyos systemd-sysctl[2614]: Overwriting earlier assignment of net/core/rmem_max in file '/etc/sysctl.d/99-sysctl.conf'.
Sep 19 21:59:52 vyos ntpd[2135]: Listen normally on 8 ppp0 192.168.0.1 UDP 123
Sep 19 21:59:52 vyos ntpd[2135]: peers refreshed

Running as server works well, but as far as i see we can't use it as a client.

syncer changed the task status from Open to In progress.Sep 20 2018, 1:00 PM
syncer moved this task from Needs Triage to In Progress on the VyOS 1.2 Crux (VyOS 1.2.0-rc1) board.

Anyone able to quickly test radius authentication, otherwise I gotta build myself a freeradius first.

I've tested radius authentication with L2TP on 1.2.0-rolling+201810060337 and it works. Not sure if you need a separate test with PPTP?

Yes! Radius auth is working nicely, now the cli config part needs to be finished.

Oct 31 18:04:13 vyos-pppoe accel-pppoe: ppp0:vyostest: recv [IPCP ConfReq id=2 <addr 10.1.1.100> <dns1 0.0.0.0> <dns2 0.0.0.0>]
Oct 31 18:04:13 vyos-pppoe accel-pppoe: ppp0:vyostest: send [RADIUS(1) Accounting-Request id=1 <User-Name "vyostest"> <NAS-Port 0> <NAS-Port-Id "ppp0"> <NAS-Port-Type Virtual> <Service-Type Framed-User> <Framed-Protocol PPP> <Calling-Station-Id "08:00:27:f3:b6:6f"> <Called-Station-Id "08:00:27:aa:f0:10"> <Acct-Status-Type Start> <Acct-Authentic RADIUS> <Acct-Session-Id "6e5a6d595393dbfa"> <Acct-Session-Time 0> <Acct-Input-Octets 0> <Acct-Output-Octets 0> <Acct-Input-Packets 0> <Acct-Output-Packets 0> <Acct-Input-Gigawords 0> <Acct-Output-Gigawords 0> <Framed-IP-Address 10.1.1.100>]
Oct 31 18:04:13 vyos-pppoe accel-pppoe: ppp0:vyostest: send [IPCP ConfAck id=2]
Oct 31 18:04:13 vyos-pppoe accel-pppoe: ppp0:vyostest: recv [RADIUS(1) Accounting-Response id=1]

Pushing to rolling releases tonight.

feature below added:

set service pppoe-server ppp-options
Possible completions:

ccp          ccp negotiation (default disabled)
lcp-echo-failure
             maximum number of Echo-Requests may be sent without valid reply
lcp-echo-interval
             lcp echo-requests/sec
min-mtu      minimum acceptable MTU.
mppe         specifies mppe negotiation preference. (default prefer mppe)
mru          preferred MRU.

IPv6 pppoe options added.

set service pppoe-server ppp-options
Possible completions:

ccp          ccp negotiation (default disabled)
ipv4         specify IPv4 (IPCP) negotiation algorithm
ipv6         specify IPv6 (IPCP6) negotiation algorithm
ipv6-accept-peer-intf-id
             accept peer's interface identifier
ipv6-intf-id Specify fixed or random interface identifier for IPv6
ipv6-peer-intf-id
             specify peer interface identifier for IPv6
lcp-echo-failure
             maximum number of Echo-Requests may be sent without valid reply
lcp-echo-interval
             lcp echo-requests/sec
min-mtu      minimum acceptable MTU (68-65535)
mppe         specifies mppe negotiation preference. (default prefer mppe)
mru          preferred MRU (68-65535)

Options added. Maybe I should make a node for dns and have then all dns settings in there for better visibility.
set service pppoe-server dnsv6-servers
Possible completions:

server-1     Primary DNS server
server-2     Secondary DNS server
server-3     Tertiary DNS server

+ dns-servers {
+ server-1 10.1.1.1
+ server-2 10.2.1.1
+ }
+ dnsv6-servers {
+ server-1 2001:db8:aaa::
+ server-2 2001:db8:bbb::
+ server-3 2001:db8:ccc::
+ }

For everyone who wants to test, this version is in rolling releases. If you find any bugs, please post it here.
https://downloads.vyos.io/?dir=rolling/current/amd64

note to myself:

  • implement verify for auth mode so that either local or radius is set. :done:

Hello!
Please also add "single-session" to
set service pppoe-server ppp-options

From accel-ppp docs:
single-session=replace|deny
Specifies whether to control sessions count.
If this option is absent session count control is turned off.
If this option is replace then accel-ppp will terminate first session when second is authorized.
If this option is deny then accel-ppp will deny second session authorization.