[RP-PPPoE] PPPoE Server authenticating to a remote Radius Server

Blackhold blackholdmailer at gmail.com
Sun Nov 23 18:53:37 EST 2014


Hi,
I'm trying to configure a PPPoE server that takes auth from an
external radius server, but I found that the PPPoE client reaches the
PPPoE server, but the PPPoE server doesn't reach the external radius
server.

I'm able to do radchecks to the freeradius server, but the PPPoE server
seems to try to search auths locally.

#### server installation
I followed this manual:
http://blog.webdir.bg/linux-pppoe-server-with-radius-suuport/

# apt-get install ppp ppp-dev gcc binutils
# wget http://www.roaringpenguin.com/files/download/rp-pppoe-3.11.tar.gz
# tar xvzf rp-pppoe-3.11.tar.gz
# cd rp-pppoe-3.11/src/
# ./configure --enable-plugin
# make && make install
# apt-get install radiusclient1

##### config files

[[[ /etc/ppp/pppoe-server-options ]]]
# PPP options for the PPPoE server
# LIC: GPL
logfile /var/log/pppoe.log
require-pap
require-chap
mru 1492
mtu 1492
ms-dns 10.139.39.66
ms-dns 8.8.8.8
lcp-max-configure 60
lcp-restart 2
lcp-echo-interval 30
lcp-echo-failure 4
idle 0
noipx
proxyarp
lcp-echo-interval 10
lcp-echo-failure 5
plugin radius.so
plugin radattr.so
debug
kdebug 1
plugin radius.so
plugin radattr.so
plugin rp-pppoe.so
name epsilon-ppp
radius-config-file /etc/radiusclient/radiusclient.conf
login
auth

[[[ /etc/radiusclient/radiusclient.conf ]]]
# General settings
auth_order radius
login_tries 4
login_timeout 60
nologin /etc/nologin
issue /etc/radiusclient/issue

# RADIUS settings
authserver 10.228.201.51
acctserver 10.228.201.51
servers /etc/radiusclient/servers
dictionary /etc/radiusclient/dictionary
login_radius /usr/sbin/login.radius
seqfile /var/run/radius.seq
mapfile /etc/radiusclient/port-id-map
default_realm
radius_timeout 10
radius_retries 3

# LOCAL settings
login_local /bin/login
nas_identifier polaris-ppp



[[[ /etc/radiusclient/servers ]]]
10.228.201.51                        thisissecret

All the rest of files are defined by default.


##### running the server

# pppoe-server -L 10.90.226.86 -I zeoip0 -I zeoip1 -N 1200 -C epsilon-ppp -S epsilon-ppp -T 300 -k -m 1492


##### logs
Plugin radius.so loaded.
RADIUS plugin initialized.
Plugin radattr.so loaded.
RADATTR plugin initialized.
Plugin radius.so loaded.
RADIUS plugin initialized.
Plugin radattr.so loaded.
RADATTR plugin initialized.
Plugin rp-pppoe.so loaded.
Connected to 02:b2:33:0e:7b:7d via interface zeoip0
using channel 174
Using interface ppp0
Connect: ppp0 <--> zeoip0
sent [LCP ConfReq id=0x1 <mru 1492> <auth chap MD5> <magic 0xbbf53e24>]
rcvd [LCP ConfReq id=0x1 <mru 1492> <magic 0x18af66d7>]
sent [LCP ConfAck id=0x1 <mru 1492> <magic 0x18af66d7>]
rcvd [LCP ConfAck id=0x1 <mru 1492> <auth chap MD5> <magic 0xbbf53e24>]
sent [LCP EchoReq id=0x0 magic=0xbbf53e24]
sent [CHAP Challenge id=0x27 <6c02e84fff6f715fc6f45091e8f7ca305fe5bd2683>, name = "epsilon-ppp"]
rcvd [LCP EchoRep id=0x0 magic=0x18af66d7]
rcvd [CHAP Response id=0x27 <b144683827dbf9db0a4d5ec25ca2827b>, name = "laura.mora"]
rc_avpair_new: unknown attribute 32
Peer laura.mora failed CHAP authentication
sent [CHAP Failure id=0x27 ""]
sent [LCP TermReq id=0x2 "Authentication failed"]
rcvd [LCP TermAck id=0x2]
Connection terminated.
RADATTR plugin removed file /var/run/radattr.ppp0.
RADATTR plugin removed file /var/run/radattr.ppp0.

>>>> Here the pppoe server doesn't connect to the radius server


#### testing freeradius connection with radtest

# radtest username secretpassword 10.228.201.51:1812 1 secretpassword
Sending Access-Request of id 31 to 10.228.201.51 port 1812
User-Name = "username"
User-Password = "secretpassword"
NAS-IP-Address = 10.90.226.86
NAS-Port = 1
Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Accept packet from host 10.228.201.51 port 1812, id=31, length=96
Framed-IP-Address = 5.10.205.189
Port-Limit = 1
Service-Type = Framed-User
Acct-Interim-Interval = 60
Framed-Compression = Van-Jacobson-TCP-IP
Framed-Route = "0.0.0.0/0 192.168.69.1 1"
Framed-IPv6-Prefix = 2a00:1508:6001:dead::/64

>>>> Here the pppoe server DOES connect to the radius server


I had tested this configuration with a MikroTik router and found that
I must add my IP as the local address on the profile; if this value is
not there, it never connects and also outputs auth problems. But here
the first problem is that pppoe-server doesn't reach freeradius.
I ran a tcpdump searching for some kind of communication and there's
NONE.

Could someone give me some help, please?

Thank you very much!

- Blackhold
http://blackhold.nusepas.com
@blackhold_
~> we must fight against the strong to stop being weak, and against
ourselves when we are strong (Esquirols)
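
The pppd log in the message above contains `rc_avpair_new: unknown attribute 32`, and the configuration points radiusclient at `/etc/radiusclient/dictionary`. The following check is an added example, not part of the original post or of rp-pppoe: it lists the attribute numbers a pppd log reports as unknown and shows which of them have no `ATTRIBUTE` line in a given dictionary file. The function names and the sample log and dictionary are constructed for illustration, and it assumes the `ATTRIBUTE name number type` line layout used by radiusclient dictionaries.

```shell
#!/bin/sh
# Added diagnostic example (hypothetical helper names, constructed sample data).

# unknown_attrs LOG: distinct attribute numbers the RADIUS client library
# reported as unknown in a pppd log.
unknown_attrs() {
    sed -n 's/.*rc_avpair_new: unknown attribute \([0-9][0-9]*\).*/\1/p' "$1" | sort -un
}

# dict_has_attr DICT NUM: succeeds if DICT defines an ATTRIBUTE with number NUM.
# Assumption: any "ATTRIBUTE <name> <number> <type>" line counts as a definition.
dict_has_attr() {
    awk -v n="$2" '$1 == "ATTRIBUTE" && $3 == n { found = 1 } END { exit !found }' "$1"
}

# missing_attrs LOG DICT: attribute numbers flagged in LOG that DICT does not define.
missing_attrs() {
    for n in $(unknown_attrs "$1"); do
        dict_has_attr "$2" "$n" || echo "$n"
    done
}

# Constructed sample input so the example runs offline.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT

cat > "$demo_dir/pppoe.log" <<'EOF'
RADIUS plugin initialized.
rcvd [CHAP Response id=0x27 <constructed>, name = "user"]
rc_avpair_new: unknown attribute 32
Peer user failed CHAP authentication
rc_avpair_new: unknown attribute 32
EOF

# Constructed dictionary excerpt that deliberately lacks type 32
# (type 32 is NAS-Identifier in RFC 2865).
cat > "$demo_dir/dictionary" <<'EOF'
ATTRIBUTE  User-Name       1  string
ATTRIBUTE  NAS-IP-Address  4  ipaddr
ATTRIBUTE  NAS-Port        5  integer
EOF

# On a real host the arguments would be the files named in the configuration:
#   missing_attrs /var/log/pppoe.log /etc/radiusclient/dictionary
missing_attrs "$demo_dir/pppoe.log" "$demo_dir/dictionary"
```

The check reads only the one dictionary file it is given and does not follow any include directives in it.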

