GGSN/APN Freeradius and Proxy
Tevfik Ceydeliler
tevfik.ceydeliler at astron.yasar.com.tr
Tue Feb 24 16:14:42 CET 2015
On 02/24/2015 03:39 PM, Alan DeKok wrote:
> On Feb 24, 2015, at 8:25 AM, Tevfik Ceydeliler <tevfik.ceydeliler at astron.yasar.com.tr> wrote:
>> I wonder this really. Because I try to move all users from MS-IAS to Freeradius to use IP pool. So, those users are defined on IAS and work well. 10.1.1.51 is my OTP server.
> Well.. look at its logs to see why it’s rejecting the user.
I use Kobil Secovid as mOTP home server, and its log is very primitive, like this:
"Tue Feb 24 11:40:21 2015: sending reject for vantacgida4's query from 10.43.1.51"
It does not help me to understand why it rejects.
>
>> But both the real connection from GSM and NTRadPing use the same proxy and home server, 10.1.1.51. So the only difference is the packet coming from the GGSN.
>> A little bit more of a hint, please :)
> There’s no “hint” needed. Look at the logs on the home server.
>
> Or, look at the packets. See what the differences are between the ones that succeed, and ones that fail. Those differences are causing the failure.
Differences are very obvious:
rad_recv: Access-Request packet from host 172.30.80.1 port 24208, id=136, length=372
Comes from GGSN:
Calling-Station-Id = "905344776557"
User-Name = "vantacgida4"
NAS-IP-Address = 172.30.80.1
NAS-Identifier = "MTCGGSNK3"
Service-Type = Framed-User
Framed-Protocol = GPRS-PDP-Context
NAS-Port-Type = Wireless-Other
3GPP-IMSI = "286015326539253"
3GPP-IMSI-MCC-MNC = "28601"
3GPP-NSAPI = "5"
3GPP-Selection-Mode = "0"
3GPP-Charging-ID = 151347210
3GPP-GPRS-Negotiated-QoS-profile = "05-13921F7396F7FE74620846006400"
3GPP-Charging-Characteristics = "0800"
Called-Station-Id = "yasarapn"
3GPP-SGSN-Address = 86.108.153.243
3GPP-SGSN-MCC-MNC = "28601"
3GPP-GGSN-Address = 86.108.153.126
3GPP-GGSN-MCC-MNC = "28601"
3GPP-Negotiated-DSCP = 18
3GPP-RAT-Type = 1
3GPP-Location-Info = 0x0182f610ebaa0678
3GPP-Attr-23 = 0x8020
3GPP-IMEISV = "3539230324392801"
3GPP-PDP-Type = 0
NAS-Port = 121000
User-Password = "5080+00526417"
3GPP-Charging-Gateway-Address = 10.200.211.27
And comes from local:
rad_recv: Access-Request packet from host 10.65.8.117 port 53599, id=4, length=51
User-Name = "kivanccepel"
User-Password = "475295016226"
When I look at the logs, at the end of the SQL query everything is OK. But in the GGSN case, after SQL returns OK, the whole Access-Request is sent to the proxy server. But only the username and password should be sent to the proxy. Again and again, as you see in the log:
I mean, FreeRADIUS sends this:
Sending Access-Request of id 235 to 10.1.1.51 port 1812
Calling-Station-Id = "905344776557"
User-Name = "vantacgida4"
NAS-IP-Address = 172.30.80.1
NAS-Identifier = "MTCGGSNK3"
Service-Type = Framed-User
Framed-Protocol = GPRS-PDP-Context
NAS-Port-Type = Wireless-Other
3GPP-IMSI = "286015326539253"
...
...
3GPP-PDP-Type = 0
NAS-Port = 121000
User-Password = "5080+00526417"
3GPP-Charging-Gateway-Address = 10.200.211.27
Proxy-State = 0x323130
Then I get:
Sending duplicate proxied request to home server 10.1.1.51 port 1812 - ID: 235
rad_recv: Access-Reject packet from host 10.1.1.51 port 1812, id=235, length=25
But it should only send these:
Sending Access-Request of id 235 to 10.1.1.51 port 1812
User-Name = "vantacgida4"
User-Password = "5080+00526417"
Other values are not necessary.
Because the home server logs are primitive, I can't get an idea.
Maybe if a RADIUS packet analyzer or monitor existed, I could see what is wrong.
>
> Those are your *only* options. There is no magic here.
>
> Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
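The packet comparison suggested in the quoted reply, as an added example that is not part of the original message or of FreeRADIUS: it parses two attribute dumps in the debug-output format shown above and reports which attributes appear only in the rejected request and which shared attributes differ in value format. The function names are hypothetical, and the sample dumps are constructed and abbreviated from the message, with placeholder passwords.

```python
import re

# "Name = value" as printed in the debug output; packet header fields
# such as "id=136, length=372" have no spaces around "=" and do not match.
ATTR_RE = re.compile(r'^\s*([A-Za-z0-9][\w-]*) = (.+?)\s*$')

def parse_dump(text):
    """Return {attribute: [values]} for one packet dump, in order of appearance."""
    attrs = {}
    for line in text.splitlines():
        m = ATTR_RE.match(line)
        if m:
            attrs.setdefault(m.group(1), []).append(m.group(2).strip('"'))
    return attrs

def shape(value):
    """Coarse value format, so secrets can be compared without printing them."""
    if value.isdigit():
        return "digits"
    return "alnum" if value.isalnum() else "other"

def diff_requests(working, failing):
    """Compare a request that is accepted with one that is rejected."""
    w, f = parse_dump(working), parse_dump(failing)
    return {
        "only_in_failing": [a for a in f if a not in w],
        "only_in_working": [a for a in w if a not in f],
        "shape_differs": {a: (shape(w[a][0]), shape(f[a][0]))
                          for a in f
                          if a in w and shape(w[a][0]) != shape(f[a][0])},
    }

# Constructed samples, abbreviated from the two kinds of request in the message;
# the password values are placeholders with the same character classes.
LOCAL = '''rad_recv: Access-Request packet from host 10.65.8.117 port 53599, id=4, length=51
\tUser-Name = "kivanccepel"
\tUser-Password = "000000000000"
'''
GGSN = '''Sending Access-Request of id 235 to 10.1.1.51 port 1812
\tCalling-Station-Id = "905344776557"
\tUser-Name = "vantacgida4"
\tNAS-IP-Address = 172.30.80.1
\tService-Type = Framed-User
\t3GPP-IMSI-MCC-MNC = "28601"
\tUser-Password = "0000+00000000"
\tProxy-State = 0x323130
'''

if __name__ == "__main__":
    for key, val in diff_requests(LOCAL, GGSN).items():
        print(key, val)
```

The report lists differences only; which of them the home server objects to still has to be confirmed against its own logs or by resending the request with one difference removed at a time.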