rlm_sqlippool allocating duplicate IPs

Phil Mayers p.mayers at imperial.ac.uk
Wed Dec 2 14:46:30 CET 2009


Phil Mayers wrote:
> All,
> 
> I've just become aware of a rather annoying problem with our PPTP VPN 
> server. Sometimes, a client will connect, disconnect and reconnect in 
> quick succession. In these circumstances, there seems to be a window 
> in which an IP can remain allocated to a live VPN session, but is marked as 
> free in the SQL table, causing subsequent clients to connect, be 
> allocated the IP, and fail to get any connectivity.

ACK!

Shortly after sending this email, we found the problem and it's truly 
vile. It's nothing to do with FreeRadius at all, except tangentially - 
what's actually happening is that the PPTP client is closing the PPP LCP 
layer and re-opening it on the same PPTP control/data channel.

This results in a very rapid set of:

1. access-request
   nas-port-id = 100

2. access-accept
   framedipaddress = 192.168.1.100

3. acct-start
   acctsessionid = 4B151C655A0000
   nas-port-id = 100
   framedipaddress = 192.168.1.100

4. acct-stop
   nas-port-id = 100
   framedipaddress = 192.168.1.100
   acctterminatecause = user-request

5. access-request
   nas-port-id = 100

6. access-accept
   framedipaddress = 192.168.1.100

7. acct-start
   acctsessionid = 4B151C685A0001
   nas-port-id = 100
   framedipaddress = 192.168.1.100


I am assuming the radius packet for #5 actually arrives before the 
accounting stop in #4, thus the accounting-stop then marks the IP free, 
and the problem occurs.

Bah.

I can probably work around this by unallocating the "allocate-clear" 
query in rlm_sqlippool.

Sick..
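
The out-of-order sequence described in this message, replayed against a toy pool table. This is an added example, not part of the original post and not rlm_sqlippool's own schema or queries. The `pool` table, the `replay` function and the second client on nas-port 200 are hypothetical, and the guarded variant assumes the Accounting-Stop carries the Acct-Session-Id of the session it ends.

```python
import sqlite3

# Constructed replay of the message's steps, with request #5 processed before stop #4.
# Tuples are (event, nas_port, acct_session_id); port 200 is a second, unrelated client.
EVENTS = [
    ("request", 100, None),
    ("start",   100, "4B151C655A0000"),
    ("request", 100, None),               # step 5 arrives first
    ("stop",    100, "4B151C655A0000"),   # step 4 arrives late
    ("start",   100, "4B151C685A0001"),
    ("request", 200, None),
]

def replay(events, guard_on_session):
    """Return {nas_port: ip} for every address handed out during the replay."""
    db = sqlite3.connect(":memory:")
    # Hypothetical, simplified pool table: one row per address.
    db.execute("CREATE TABLE pool (ip TEXT PRIMARY KEY, nas_port INT, session TEXT)")
    db.executemany("INSERT INTO pool VALUES (?, NULL, NULL)",
                   [("192.168.1.100",), ("192.168.1.101",)])
    handed_out = {}
    for kind, port, session in events:
        if kind == "request":
            # Reuse the port's existing lease if any, else take the lowest free address.
            row = db.execute(
                "SELECT ip FROM pool WHERE nas_port = ? OR nas_port IS NULL "
                "ORDER BY nas_port IS NULL, ip LIMIT 1", (port,)).fetchone()
            # A fresh allocation has no accounting session attached yet.
            db.execute("UPDATE pool SET nas_port = ?, session = NULL WHERE ip = ?",
                       (port, row[0]))
            handed_out[port] = row[0]
        elif kind == "start":
            db.execute("UPDATE pool SET session = ? WHERE nas_port = ?", (session, port))
        elif kind == "stop":
            sql = "UPDATE pool SET nas_port = NULL, session = NULL WHERE nas_port = ?"
            args = [port]
            if guard_on_session:
                # Release only a lease still owned by the session that is stopping.
                sql += " AND session = ?"
                args.append(session)
            db.execute(sql, args)
    return handed_out

if __name__ == "__main__":
    print("release by nas-port only:", replay(EVENTS, guard_on_session=False))
    print("release guarded by session:", replay(EVENTS, guard_on_session=True))
```

With the release keyed on nas-port alone, the late stop frees the address that was just re-issued and the second client receives it as well; with the session guard, the late stop matches no row and the second client gets the next free address.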


