[Wimax TTLS with Alcatel - Lucent ASN GW]
Thomas Fagart
tfagart at brozs.net
Fri Apr 3 01:27:46 CEST 2009
Hello,
First, thanks again for this new release, which adds very interesting
features for debugging, especially raddebug and radmin.
Using a basic setup, FreeRADIUS successfully authenticates requests coming
from a WiMAX CPE through the Alcatel ASN GW (called WAC) using EAP/TTLS:
Fri Apr 3 01:05:10 2009 : Auth: Login OK: [00210400E0D7 at test.fr/<via Auth-Type = EAP>] (from client wimax port 0 cli 00-21-04-00-E0-D7)
Fri Apr 3 01:05:19 2009 : Auth: Login OK: [cpe2-lab at test.fr/<via Auth-Type = mschap>] (from client wimax port 0 via TLS tunnel)
I now have 2 issues filling the Access-Accept properly with the correct
attributes. (This need might be weird, but it is the way this ASN GW works.)
1. I would like the outer Access-Accept to contain attributes coming
from the inner Access-Accept.
So I tried to use update outer.reply in the post-auth section of the
inner-tunnel virtual server:
update outer.reply {
        #User-Name = "%{request:User-Name}"
        WiMAX-Packet-Data-Flow-Id = "%{request:WiMAX-Packet-Data-Flow-Id}"
}
But as I understand it, you can only use "request" from the inner tunnel,
but not the attributes contained in the reply of the inner tunnel. Is
that true? Is there a way to do that?
To be more precise, this is the reply in the inner tunnel:
Fri Apr 3 01:13:33 2009
Packet-Type = Access-Accept
WiMAX-Packet-Data-Flow-Id = 1
WiMAX-Service-Data-Flow-Id = 1
WiMAX-Service-Profile-Id = 1
WiMAX-Direction = Bi-Directional
WiMAX-QoS-Id = 1
WiMAX-Media-Flow-Type = Robust-Browser
WiMAX-Schedule-Type = Best-Effort
WiMAX-Traffic-Priority = 0
WiMAX-Maximum-Sustained-Traffic-Rate = 512000
MS-CHAP2-Success = 0xdf533d37443041423038393133393032414333353841304630414336383132453546434243364130323046
MS-MPPE-Recv-Key = 0x1d7c9b57392b589e2849640bad969199
MS-MPPE-Send-Key = 0x4aa107e5fa9573846af44d21c5080749
MS-MPPE-Encryption-Policy = 0x00000001
MS-MPPE-Encryption-Types = 0x00000006
and the one in the outer tunnel
Fri Apr 3 01:13:34 2009
Packet-Type = Access-Accept
MS-MPPE-Recv-Key = 0x6b185c55d7785700e6f52c9ae0160945476aa4ab9e5b699dc6cffb5427c06395
MS-MPPE-Send-Key = 0x009d98e233e6911f97346381a77e90d01b7d41b3aa82dbf6ce56f54bb9b2598b
EAP-MSK = 0x6b185c55d7785700e6f52c9ae0160945476aa4ab9e5b699dc6cffb5427c06395009d98e233e6911f97346381a77e90d01b7d41b3aa82dbf6ce56f54bb9b2598b
EAP-EMSK = 0xc5f48626093f9313c5090254ffc375d4594bf6570025a260801e4b8d0ff852167d0748bd50b27d214b0ee67c1bbe1a4395faf094a8cb56663177fa8f32586f40
EAP-Message = 0x03f00004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "00210400E0D7 at test.fr"
I would like the reply of the outer tunnel to contain all the WiMAX
attributes I got in the inner one.
2. For some weird reason again, the Alcatel ASN needs to receive the same
attribute two times with different values (actually this is
WiMAX-QoS-Descriptor, a TLV attribute).
I guess this is not very compliant with the RFC, but is there a way to send
the same attribute 2 times in the same reply?
I've tried this but, without surprise, it sends only the first part of
the attribute:
cpe2-lab at test.fr Cleartext-Password := "xxx"
        WiMAX-Packet-Data-Flow-Id=1,
        WiMAX-Service-Data-Flow-Id=1,
        WiMAX-Service-Profile-Id=1,
        WiMAX-Direction=Bi-Directional,
        WiMAX-QoS-Id=01,
        WiMAX-Media-Flow-Type=Robust-Browser,
        WiMAX-Schedule-Type=BEST-EFFORT,
        WiMAX-Traffic-Priority=0,
        WiMAX-Maximum-Sustained-Traffic-Rate=512000,
        WiMAX-QoS-Id=02,
        WiMAX-Media-Flow-Type=Robust-Browser,
        WiMAX-Schedule-Type=BEST-EFFORT,
        WiMAX-Traffic-Priority=0,
        WiMAX-Maximum-Sustained-Traffic-Rate=512000
Maybe using the perl module in post-auth?
Thanks
Thomas Fagart