conditional attribute rewrite.

Benedikt Sveinsson benedikts at
Wed Dec 9 12:53:34 CET 2020

I have a particular problem with our service structure

We are getting rid of old freeradius servers that have been operational for years and centralizing everything into two radius servers

Due to different access networks , Some users are connected to BNG services that can only terminate or forward to a LNS

The users (realm) that are forwarded to the LNS first get a response from our prod radius with modified attributes through the legacy attr file were we add the VPDN config, and then proxied to the old legacy Radius. Our Old LNS then receives the session and authenticates with the legacy radius.

Client -> BNG  - radius to prod Radius – gets VPDN info towards LNS and proxies auth to legacy radius.
Client -> LNS  - authenticates to the legacy radius

This is all and well, but we have new LNS routers that are going to be terminating these sessions.

Now the issue is that I need to be able (if possible to only rewrite the attr (insert LNS / VPN info) if the requests comes from the BNG gateways as they can‘t terminate some of the special realms. (only do normal pppoe users)
But when the auth requests comes from the LNS – it shoud not get the VPDN config – else it will just loop.

Is it possible to conditionally add the attributes I need based on the NAS / NAS-IP or some other identifier ?
(basically I‘m using the routers both for LNS and terminate locally)

I have searched and I‘m bit lost both between the legacy config and „new“.

- Benni

More information about the Freeradius-Users mailing list