GGSN/APN Freeradius and Proxy
Tevfik Ceydeliler
tevfik.ceydeliler at astron.yasar.com.tr
Wed Feb 25 13:44:00 CET 2015
On 02/24/2015 06:00 PM, Alan DeKok wrote:
> On Feb 24, 2015, at 10:14 AM, Tevfik Ceydeliler <tevfik.ceydeliler at astron.yasar.com.tr> wrote:
>> I use Kobil Secovid as Motp, home server and its log is very primitive, like this:
>> "Tue Feb 24 11:40:21 2015: sending reject for vantacgida4's query from 10.43.1.51"
>> It does not help me to understand why it rejects.
> So… ask the Kobil people why their RADIUS server is broken.
No support we paid :(
>
>> Differences are very obvious:
> So… use FreeRADIUS to edit the proxied packet, so that it looks more like the one from radtest. That’s what the “pre-proxy” section is for. There are lots of examples and documentation for this.
>
>> rad_recv: Access-Request packet from host 172.30.80.1 port 24208, id=136, length=372
>> Comes from GGSN:
>> Calling-Station-Id = "905344776557"
>> User-Name = "vantacgida4"
>> ...
>> User-Password = "5080+00526417"
> Does that name / password work for radtest? If not, then stop wasting your time, and throw the home server in the garbage. Get one that works,
I can't test this user because it is a reseller. But I created another user and
can test it.
########################################################
root@radiuspnb:/etc/freeradius# radtest kivanccepel 475224928708 10.1.1.51 10 geheim
Sending Access-Request of id 21 to 10.1.1.51 port 1812
User-Name = "kivanccepel"
User-Password = "475224928708"
NAS-IP-Address = 127.0.1.1
NAS-Port = 10
Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Accept packet from host 10.1.1.51 port 1812, id=21,
length=2
###########################################################
As you see, it works.
But from the GGSN it does not work.
I really wish to throw that home server in the garbage. But more than 300
resellers connect via this home server.
OK, let's change the home server. I have another one for internal usage.
In this case,
##################################################################33
rad_recv: Access-Request packet from host 172.30.80.1 port 24144, id=10,
length=377
Calling-Station-Id = "905303630245"
User-Name = "biryudumgida3"
NAS-IP-Address = 172.30.80.1
NAS-Identifier = "MTCGGSNK3"
Service-Type = Framed-User
Framed-Protocol = GPRS-PDP-Context
NAS-Port-Type = Wireless-Other
3GPP-IMSI = "286015918760926"
3GPP-IMSI-MCC-MNC = "28601"
3GPP-NSAPI = "5"
3GPP-Selection-Mode = "0"
3GPP-Charging-ID = 50711443
3GPP-GPRS-Negotiated-QoS-profile = "05-13921F7396F7FE74620846006400"
3GPP-Charging-Characteristics = "0800"
Called-Station-Id = "yasarapn"
3GPP-SGSN-Address = 86.108.153.116
3GPP-SGSN-MCC-MNC = "28601"
3GPP-GGSN-Address = 86.108.153.126
3GPP-GGSN-MCC-MNC = "28601"
3GPP-Negotiated-DSCP = 18
3GPP-RAT-Type = 1
3GPP-Location-Info = 0x0182f610eb2acd62
3GPP-Attr-23 = 0x8020
3GPP-IMEISV = "9800670040325323"
3GPP-PDP-Type = 0
NAS-Port = 41524
User-Password = "645327067460"
3GPP-Charging-Gateway-Address = 10.200.211.27
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "biryudumgida3", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
[sql] expand: %{User-Name} -> biryudumgida3
[sql] sql_set_user escaped user --> 'biryudumgida3'
rlm_sql (sql): Reserving sql socket id: 4
[sql] expand: SELECT id, username, attribute, value, op
FROM radcheck WHERE username = '%{SQL-User-Name}'
ORDER BY id -> SELECT id, username, attribute, value, op FROM
radcheck WHERE username = 'biryudumgida3' ORDER BY id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op
FROM radreply WHERE username = '%{SQL-User-Name}'
ORDER BY id -> SELECT id, username, attribute, value, op FROM
radreply WHERE username = 'biryudumgida3' ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup
WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT
groupname FROM radusergroup WHERE username =
'biryudumgida3' ORDER BY priority
[sql] expand: SELECT id, groupname, attribute, Value,
op FROM radgroupcheck WHERE groupname =
'%{Sql-Group}' ORDER BY id -> SELECT id, groupname,
attribute, Value, op FROM radgroupcheck
WHERE groupname = 'UGR_TcellOtonomYBB-Secovid' ORDER BY id
[sql] User found in group UGR_TcellOtonomYBB-Secovid
[sql] expand: SELECT id, groupname, attribute, value,
op FROM radgroupreply WHERE groupname =
'%{Sql-Group}' ORDER BY id -> SELECT id, groupname,
attribute, value, op FROM radgroupreply
WHERE groupname = 'UGR_TcellOtonomYBB-Secovid' ORDER BY id
rlm_sql (sql): Released sql socket id: 4
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
WARNING: Empty pre-proxy section. Using default return values.
Sending Access-Request of id 80 to 10.1.1.51 port 1812
Calling-Station-Id = "905303630245"
User-Name = "biryudumgida3"
NAS-IP-Address = 172.30.80.1
NAS-Identifier = "MTCGGSNK3"
Service-Type = Framed-User
Framed-Protocol = GPRS-PDP-Context
NAS-Port-Type = Wireless-Other
3GPP-IMSI = "286015918760926"
3GPP-IMSI-MCC-MNC = "28601"
3GPP-NSAPI = "5"
3GPP-Selection-Mode = "0"
3GPP-Charging-ID = 50711443
3GPP-GPRS-Negotiated-QoS-profile = "05-13921F7396F7FE74620846006400"
3GPP-Charging-Characteristics = "0800"
Called-Station-Id = "yasarapn"
3GPP-SGSN-Address = 86.108.153.116
3GPP-SGSN-MCC-MNC = "28601"
3GPP-GGSN-Address = 86.108.153.126
3GPP-GGSN-MCC-MNC = "28601"
3GPP-Negotiated-DSCP = 18
3GPP-RAT-Type = 1
3GPP-Location-Info = 0x0182f610eb2acd62
3GPP-Attr-23 = 0x8020
3GPP-IMEISV = "9800670040325323"
3GPP-PDP-Type = 0
NAS-Port = 41524
User-Password = "645327067460"
3GPP-Charging-Gateway-Address = 10.200.211.27
Proxy-State = 0x3130
Proxying request 4 to home server 10.1.1.51 port 1812
Sending Access-Request of id 80 to 10.1.1.51 port 1812
Calling-Station-Id = "905303630245"
User-Name = "biryudumgida3"
NAS-IP-Address = 172.30.80.1
NAS-Identifier = "MTCGGSNK3"
Service-Type = Framed-User
Framed-Protocol = GPRS-PDP-Context
NAS-Port-Type = Wireless-Other
3GPP-IMSI = "286015918760926"
3GPP-IMSI-MCC-MNC = "28601"
3GPP-NSAPI = "5"
3GPP-Selection-Mode = "0"
3GPP-Charging-ID = 50711443
3GPP-GPRS-Negotiated-QoS-profile = "05-13921F7396F7FE74620846006400"
3GPP-Charging-Characteristics = "0800"
Called-Station-Id = "yasarapn"
3GPP-SGSN-Address = 86.108.153.116
3GPP-SGSN-MCC-MNC = "28601"
3GPP-GGSN-Address = 86.108.153.126
3GPP-GGSN-MCC-MNC = "28601"
3GPP-Negotiated-DSCP = 18
3GPP-RAT-Type = 1
3GPP-Location-Info = 0x0182f610eb2acd62
3GPP-Attr-23 = 0x8020
3GPP-IMEISV = "9800670040325323"
3GPP-PDP-Type = 0
NAS-Port = 41524
User-Password = "645327067460"
3GPP-Charging-Gateway-Address = 10.200.211.27
Proxy-State = 0x3130
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Accept packet from host 10.1.1.51 port 1812, id=80,
length=24
Proxy-State = 0x3130
# Executing section post-proxy from file
/etc/freeradius/sites-enabled/default
+- entering group post-proxy {...}
[eap] No pre-existing handler found
++[eap] returns noop
Found Auth-Type = Accept
Auth-Type = Accept, accepting the user
# Executing section post-auth from file
/etc/freeradius/sites-enabled/default
+- entering group post-auth {...}
rlm_sql (sql): Reserving sql socket id: 3
[sqlippool] expand: %{User-Name} -> biryudumgida3
[sqlippool] sql_set_user escaped user --> 'biryudumgida3'
[sqlippool] expand: START TRANSACTION -> START TRANSACTION
[sqlippool] expand: UPDATE radippool SET nasipaddress = '',
pool_key = 0, callingstationid = '', username = '', expiry_time =
NULL WHERE expiry_time <= NOW() - INTERVAL 1 SECOND AND nasipaddress
= '%{Nas-IP-Address}' -> UPDATE radippool SET nasipaddress = '',
pool_key = 0, callingstationid = '', username = '', expiry_time =
NULL WHERE expiry_time <= NOW() - INTERVAL 1 SECOND AND nasipaddress
= '172.30.80.1'
[sqlippool] expand: SELECT framedipaddress FROM radippool WHERE
pool_name = '%{control:Pool-Name}' AND (expiry_time < NOW() OR
expiry_time IS NULL) ORDER BY (username <> '%{User-Name}'),
(callingstationid <> '%{Calling-Station-Id}'), expiry_time LIMIT 1 FOR
UPDATE -> SELECT framedipaddress FROM radippool WHERE pool_name =
'IP_TcellOtonomYBB' AND (expiry_time < NOW() OR expiry_time IS NULL)
ORDER BY (username <> 'biryudumgida3'), (callingstationid <>
'905303630245'), expiry_time LIMIT 1 FOR UPDATE
[sqlippool] expand: UPDATE radippool SET nasipaddress =
'%{NAS-IP-Address}', pool_key = '%{NAS-Port}', callingstationid =
'%{Calling-Station-Id}', username = '%{User-Name}', expiry_time = NOW()
+ INTERVAL 21600 SECOND WHERE framedipaddress = '172.30.64.190' AND
expiry_time IS NULL -> UPDATE radippool SET nasipaddress =
'172.30.80.1', pool_key = '41524', callingstationid = '905303630245',
username = 'biryudumgida3', expiry_time = NOW() + INTERVAL 21600
SECOND WHERE framedipaddress = '172.30.64.190' AND expiry_time IS NULL
[sqlippool] Allocated IP 172.30.64.190 [be401eac]
[sqlippool] expand: COMMIT -> COMMIT
rlm_sql (sql): Released sql socket id: 3
[sqlippool] expand: Allocated IP: %{reply:Framed-IP-Address} from
%{control:Pool-Name} (did %{Called-Station-Id} cli
%{Calling-Station-Id} port %{NAS-Port} user %{User-Name}) -> Allocated
IP: 172.30.64.190 from IP_TcellOtonomYBB (did yasarapn cli
905303630245 port 41524 user biryudumgida3)
Allocated IP: 172.30.64.190 from IP_TcellOtonomYBB (did yasarapn cli
905303630245 port 41524 user biryudumgida3)
++[sqlippool] returns ok
++[exec] returns noop
Sending Access-Accept of id 10 to 172.30.80.1 port 24144
Framed-IP-Address = 172.30.64.190
Finished request 4.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 4 ID 10 with timestamp +133
Ready to process requests.
rad_recv: Access-Request packet from host 172.30.80.1 port 24144, id=10,
length=377
Calling-Station-Id = "905303630245"
User-Name = "biryudumgida3"
NAS-IP-Address = 172.30.80.1
NAS-Identifier = "MTCGGSNK3"
Service-Type = Framed-User
Framed-Protocol = GPRS-PDP-Context
NAS-Port-Type = Wireless-Other
3GPP-IMSI = "286015918760926"
3GPP-IMSI-MCC-MNC = "28601"
3GPP-NSAPI = "5"
3GPP-Selection-Mode = "0"
3GPP-Charging-ID = 50711443
3GPP-GPRS-Negotiated-QoS-profile = "05-13921F7396F7FE74620846006400"
3GPP-Charging-Characteristics = "0800"
Called-Station-Id = "yasarapn"
3GPP-SGSN-Address = 86.108.153.116
3GPP-SGSN-MCC-MNC = "28601"
3GPP-GGSN-Address = 86.108.153.126
3GPP-GGSN-MCC-MNC = "28601"
3GPP-Negotiated-DSCP = 18
3GPP-RAT-Type = 1
3GPP-Location-Info = 0x0182f610eb2acd62
3GPP-Attr-23 = 0x8020
3GPP-IMEISV = "9800670040325323"
3GPP-PDP-Type = 0
NAS-Port = 41524
User-Password = "645327067460"
3GPP-Charging-Gateway-Address = 10.200.211.27
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "biryudumgida3", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
[sql] expand: %{User-Name} -> biryudumgida3
[sql] sql_set_user escaped user --> 'biryudumgida3'
rlm_sql (sql): Reserving sql socket id: 2
[sql] expand: SELECT id, username, attribute, value, op
FROM radcheck WHERE username = '%{SQL-User-Name}'
ORDER BY id -> SELECT id, username, attribute, value, op FROM
radcheck WHERE username = 'biryudumgida3' ORDER BY id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op
FROM radreply WHERE username = '%{SQL-User-Name}'
ORDER BY id -> SELECT id, username, attribute, value, op FROM
radreply WHERE username = 'biryudumgida3' ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup
WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT
groupname FROM radusergroup WHERE username =
'biryudumgida3' ORDER BY priority
[sql] expand: SELECT id, groupname, attribute, Value,
op FROM radgroupcheck WHERE groupname =
'%{Sql-Group}' ORDER BY id -> SELECT id, groupname,
attribute, Value, op FROM radgroupcheck
WHERE groupname = 'UGR_TcellOtonomYBB-Secovid' ORDER BY id
[sql] User found in group UGR_TcellOtonomYBB-Secovid
[sql] expand: SELECT id, groupname, attribute, value,
op FROM radgroupreply WHERE groupname =
'%{Sql-Group}' ORDER BY id -> SELECT id, groupname,
attribute, value, op FROM radgroupreply
WHERE groupname = 'UGR_TcellOtonomYBB-Secovid' ORDER BY id
rlm_sql (sql): Released sql socket id: 2
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
WARNING: Empty pre-proxy section. Using default return values.
Sending Access-Request of id 101 to 10.1.1.51 port 1812
Calling-Station-Id = "905303630245"
User-Name = "biryudumgida3"
NAS-IP-Address = 172.30.80.1
NAS-Identifier = "MTCGGSNK3"
Service-Type = Framed-User
Framed-Protocol = GPRS-PDP-Context
NAS-Port-Type = Wireless-Other
3GPP-IMSI = "286015918760926"
3GPP-IMSI-MCC-MNC = "28601"
3GPP-NSAPI = "5"
3GPP-Selection-Mode = "0"
3GPP-Charging-ID = 50711443
3GPP-GPRS-Negotiated-QoS-profile = "05-13921F7396F7FE74620846006400"
3GPP-Charging-Characteristics = "0800"
Called-Station-Id = "yasarapn"
3GPP-SGSN-Address = 86.108.153.116
3GPP-SGSN-MCC-MNC = "28601"
3GPP-GGSN-Address = 86.108.153.126
3GPP-GGSN-MCC-MNC = "28601"
3GPP-Negotiated-DSCP = 18
3GPP-RAT-Type = 1
3GPP-Location-Info = 0x0182f610eb2acd62
3GPP-Attr-23 = 0x8020
3GPP-IMEISV = "9800670040325323"
3GPP-PDP-Type = 0
NAS-Port = 41524
User-Password = "645327067460"
3GPP-Charging-Gateway-Address = 10.200.211.27
Proxy-State = 0x3130
Proxying request 5 to home server 10.1.1.51 port 1812
Sending Access-Request of id 101 to 10.1.1.51 port 1812
Calling-Station-Id = "905303630245"
User-Name = "biryudumgida3"
NAS-IP-Address = 172.30.80.1
NAS-Identifier = "MTCGGSNK3"
Service-Type = Framed-User
Framed-Protocol = GPRS-PDP-Context
NAS-Port-Type = Wireless-Other
3GPP-IMSI = "286015918760926"
3GPP-IMSI-MCC-MNC = "28601"
3GPP-NSAPI = "5"
3GPP-Selection-Mode = "0"
3GPP-Charging-ID = 50711443
3GPP-GPRS-Negotiated-QoS-profile = "05-13921F7396F7FE74620846006400"
3GPP-Charging-Characteristics = "0800"
Called-Station-Id = "yasarapn"
3GPP-SGSN-Address = 86.108.153.116
3GPP-SGSN-MCC-MNC = "28601"
3GPP-GGSN-Address = 86.108.153.126
3GPP-GGSN-MCC-MNC = "28601"
3GPP-Negotiated-DSCP = 18
3GPP-RAT-Type = 1
3GPP-Location-Info = 0x0182f610eb2acd62
3GPP-Attr-23 = 0x8020
3GPP-IMEISV = "9800670040325323"
3GPP-PDP-Type = 0
NAS-Port = 41524
User-Password = "645327067460"
3GPP-Charging-Gateway-Address = 10.200.211.27
Proxy-State = 0x3130
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Reject packet from host 10.1.1.51 port 1812, id=101,
length=24
Proxy-State = 0x3130
# Executing section post-proxy from file
/etc/freeradius/sites-enabled/default
+- entering group post-proxy {...}
[eap] No pre-existing handler found
++[eap] returns noop
Using Post-Auth-Type Reject
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> biryudumgida3
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 5 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 5
Sending Access-Reject of id 10 to 172.30.80.1 port 24144
Waking up in 4.9 seconds.
Cleaning up request 5 ID 10 with timestamp +143
Ready to process requests.
####################################################3
User comes from GGSN
SQL detects username and IP pool and profile
FreeRADIUS receives Access-Accept message from home server:
rad_recv: Access-Accept packet from host 10.1.1.51 port 1812, id=80,
length=24
Proxy-State = 0x3130
# Executing section post-proxy from file
/etc/freeradius/sites-enabled/default
+- entering group post-proxy {...}
[eap] No pre-existing handler found
++[eap] returns noop
Found Auth-Type = Accept
Auth-Type = Accept, accepting the user
# Executing section post-auth from file
/etc/freeradius/sites-enabled/default
+- entering group post-auth {...}
rlm_sql (sql): Reserving sql socket id: 3
[sqlippool] expand: %{User-Name} -> biryudumgida3
[sqlippool] sql_set_user escaped user --> 'biryudumgida3'
[sqlippool] expand: START TRANSACTION -> START TRANSACTION
Then again SQL query
Again and again.
I really don't know why this happens.
> Alan DeKok.
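Added example, not part of the original post and not FreeRADIUS code: the debug output in the message shows the Access-Request from 172.30.80.1 port 24144 with id=10 being received twice, answered first with Access-Accept and then with Access-Reject. The Python script below finds such cases in `radiusd -X` output; the sample log is constructed (condensed from the lines in the post, wrapped lines joined, attribute lists omitted) and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample, condensed from the shape of the debug output in the post.
SAMPLE_LOG = """\
rad_recv: Access-Request packet from host 172.30.80.1 port 24144, id=10, length=377
Sending Access-Request of id 80 to 10.1.1.51 port 1812
rad_recv: Access-Accept packet from host 10.1.1.51 port 1812, id=80, length=24
Sending Access-Accept of id 10 to 172.30.80.1 port 24144
Cleaning up request 4 ID 10 with timestamp +133
rad_recv: Access-Request packet from host 172.30.80.1 port 24144, id=10, length=377
Sending Access-Request of id 101 to 10.1.1.51 port 1812
rad_recv: Access-Reject packet from host 10.1.1.51 port 1812, id=101, length=24
Sending Access-Reject of id 10 to 172.30.80.1 port 24144
Cleaning up request 5 ID 10 with timestamp +143
"""

# Requests arriving from a NAS, and final replies sent back to a NAS.
# Proxied "Sending Access-Request" lines are deliberately not matched.
RECV = re.compile(r"rad_recv: Access-Request packet from host (\S+) port (\d+), id=(\d+)")
SENT = re.compile(r"Sending Access-(Accept|Reject) of id (\d+) to (\S+) port (\d+)")

def outcomes_by_nas_packet(log_text):
    """Map (nas_host, nas_port, packet_id) -> one reply per time the request was received."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = RECV.search(line)
        if m:
            key = (m.group(1), int(m.group(2)), int(m.group(3)))
            seen[key].append(None)  # reply not known yet
            continue
        m = SENT.search(line)
        if m:
            key = (m.group(3), int(m.group(4)), int(m.group(2)))
            if seen.get(key) and seen[key][-1] is None:
                seen[key][-1] = m.group(1)
    return dict(seen)

def conflicting_repeats(log_text):
    """Return NAS packets handled more than once whose replies differ."""
    result = {}
    for key, replies in outcomes_by_nas_packet(log_text).items():
        answered = [r for r in replies if r is not None]
        if len(replies) > 1 and len(set(answered)) > 1:
            result[key] = answered
    return result

if __name__ == "__main__":
    for (host, port, pkt_id), replies in conflicting_repeats(SAMPLE_LOG).items():
        print(f"{host}:{port} id={pkt_id} handled {len(replies)} times: {replies}")
```
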