15 Dec
2007
15 Dec
'07
10:14 a.m.
Bjørn Mork wrote:
We've been strugglig with CoA and LI on Juniper E-series. The problem is that JUNOSe by default require a few salt-encrypted VSAs also when using CoA, which means that they must be encrypted using an accounting request authenticator.
Ah, OK.
The attached patch will use an accounting request authenticator when salt-encrypting for accounting, disconnect or coa. It has been verified to work against JUNOSe 7.3.4:
I've applied it, with one change: the default for packets is to use original->request. This lets it work normally for CoA-ACK and Disconnect-Ack, too. With the patch as posted, it wouldn't work for those two packets. It's a bit of a corner case, but it's worth thinking about. Alan DeKok.