Cisco LNS realm redirection
Hi List Im just looking to see if someone can point me in the right direction. I have a slight issue in that im trying to repoint a PPP session that is terminating on a cisco LNS(5.5.5.5) from a DSL carrier (TT/BTW) to another LNS (6.6.6.6) (but the carrier (TT/BTW) dont get to see the customer LNS direct). We get the initial request from the carrier and send back an access accept to the carrier to land this on the LNS which is all fine, then we get the access request from our LNS which we then need to reply back with a different LNS IP (6.6.6.6) instead of itself (5.5.5.5) to tell the cisco LNS to forward the PPP session onto the other LNS. Would be good if we can do this based on realm. Is this possible and whats the best way of achieving this as there seems little info on how to achieve this. Im running freeradius 2.1.12 Many thanks in advance. Radius output below: Rich ============================================================================== Access-Request Id 159 1.1.1.1:1812 -> 2.2.2.2:1812 +4237.896 User-Name = "username@realm" CHAP-Password = 0x01d4aa02ffc6c1364cb2bf3ec9675019a2 CHAP-Challenge = 0xa771f601cd1ffd8b376661995e5a4e09 Service-Type = Framed-User Framed-Protocol = PPP NAS-Identifier = "lts001.hex" NAS-Port = 2432808109 NAS-Port-Type = Virtual NAS-Port-Id = "L2TP LNS 111789" Medium-Type = DSL Connect-Info = "14144000/1057000" Platform-Type = SmartEdge-800 OS-Version = "12.1.1.9" Tunnel-Type:0 = L2TP Tunnel-Medium-Type:0 = IPv4 Tunnel-Server-Endpoint:0 = "10.177.255.128" Tunnel-Client-Endpoint:0 = "10.160.71.32" Tunnel-Server-Auth-Id:0 = "lts001.hex" Tunnel-Client-Auth-Id:0 = "nge001.sou-re0" Tunnel-Max-Sessions = 65535 Tunnel-Max-Tunnels = 32767 Redback-Attr-226 = 0x0000001e Tunnel-Function = LNS-Only Acct-Tunnel-Connection = "nge001.sou-re0/10.160.71.32:32009:29879" LAC-Port = 34699 Calling-Station-Id = " eth 0/3/1:101@FTTC" Access-Accept Id 159 2.2.2.2:1812 -> 1.1.1.1:1812 +4237.934 Tunnel-Server-Endpoint:0 = "5.5.5.5" Tunnel-Type:0 = L2TP Tunnel-Client-Auth-Id:0 = "XXXXXX-TT" Attr-69 = 0x00ba01f1c9da158a65f05e6965298b8b28548e Tunnel-Preference:0 = 1 Cisco-AVPair = "ip:ip-unnumbered=Loopback 1" ============================================================================== Access-Request Id 20 3.3.3.3:1645 -> 4.4.4.4:1812 +4238.251 Framed-Protocol = PPP User-Name = "username@realm" CHAP-Password = 0x02fb4271c598e5b5f54f53d246c7afe7b3 Calling-Station-Id = " eth 0/3/1:101@FTTC" Connect-Info = "14144000/1057000" NAS-Port-Type = ISDN NAS-Port = 20035 NAS-Port-Id = "Uniq-Sess-ID35" Service-Type = Framed-User NAS-IP-Address = 3.3.3.3 Access-Accept Id 20 4.4.4.4:1812 -> 3.3.3.3:1645 +4238.281 Tunnel-Server-Endpoint:0 = "5.5.5.5" Tunnel-Type:0 = L2TP Tunnel-Client-Auth-Id:0 = "XXXXXX-TT" Attr-69 = 0x00c5f560efa721d0f0cd39b73e64ca1145004a Tunnel-Preference:0 = 1 Cisco-AVPair = "ip:ip-unnumbered=Loopback 1" ----------------------------------- *NEEDS TO SAY:* Tunnel-Server-Endpoint:0 = "6.6.6.6" Tunnel-Type:0 = L2TP Tunnel-Client-Auth-Id:0 = "XXXXXXX-TT" Attr-69 = 0x00c5f560efa721d0f0cd39b73e64ca1145004a Tunnel-Preference:0 = 1 ==============================================================================
On Mar 13, 2017, at 12:49 PM, Richard Savage <rich@quavey.co.uk> wrote:
Im just looking to see if someone can point me in the right direction. I have a slight issue in that im trying to repoint a PPP session that is terminating on a cisco LNS(5.5.5.5) from a DSL carrier (TT/BTW) to another LNS (6.6.6.6) (but the carrier (TT/BTW) dont get to see the customer LNS direct). We get the initial request from the carrier and send back an access accept to the carrier to land this on the LNS which is all fine, then we get the access request from our LNS which we then need to reply back with a different LNS IP (6.6.6.6) instead of itself (5.5.5.5) to tell the cisco LNS to forward the PPP session onto the other LNS. Would be good if we can do this based on realm. Is this possible and whats the best way of achieving this as there seems little info on how to achieve this.
Im running freeradius 2.1.12
Honestly... upgrade. 2.1.12 is many years old. The newer versions are better, simpler, and have better documentation.
----------------------------------- *NEEDS TO SAY:* Tunnel-Server-Endpoint:0 = "6.6.6.6" Tunnel-Type:0 = L2TP Tunnel-Client-Auth-Id:0 = "XXXXXXX-TT" Attr-69 = 0x00c5f560efa721d0f0cd39b73e64ca1145004a Tunnel-Preference:0 = 1 ==============================================================================
So... edit raddb/sites-enabled/default to do that. We don't know where these values come from, so we can't really offer any detailed suggestion. i.e. the only reason the server answers A instead of B is because you told it to answer A. If you want it to answer B, well... tell it to answer B. Alan DeKok.
participants (2)
-
Alan DeKok -
Richard Savage