[RADIATOR] L2TP-Tunnelendpoints, round robin...
Hugh Irvine
hugh at open.com.au
Wed Aug 27 04:05:52 CDT 2008
Hello Martin -
Here are the results of my testing with this users file:
username
    Tunnel-Type = L2TP,
    Tunnel-Server-Endpoint = 1:86.59.39.56,
    Tunnel-Server-Endpoint = 2:86.59.39.58,
    Tunnel-ID = xxxxxxxx,
    Tunnel-Password = 1:firstPW,
    Tunnel-Password = 2:secondPW,
    Tunnel-Preference = 1:10,
    Tunnel-Preference = 2:20
Wed Aug 27 19:01:42 2008: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 60646 ....
Packet length = 108
01 0c 00 6c 90 9c ae 89 ec 2b cb 1f 65 ed a4 c9
68 01 51 81 01 0a 75 73 65 72 6e 61 6d 65 06 06
00 00 00 02 04 06 cb 3f 9a 01 20 0e 32 30 33 2e
36 33 2e 31 35 34 2e 31 05 06 00 00 04 d2 1e 0b
31 32 33 34 35 36 37 38 39 1f 0b 39 38 37 36 35
34 33 32 31 3d 06 00 00 00 00 02 12 43 28 50 9e
74 e9 c6 2e b0 e4 65 69 7c 20 cc 0c
Code: Access-Request
Identifier: 12
Authentic: <144><156><174><137><236>+<203><31>e<237><164><201>h<1>Q<129>
Attributes:
User-Name = "username"
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Identifier = "203.63.154.1"
NAS-Port = 1234
Called-Station-Id = "123456789"
Calling-Station-Id = "987654321"
NAS-Port-Type = Async
User-Password = C(P<158>t<233><198>.<176><228>ei| <204><12>
Wed Aug 27 19:01:42 2008: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Wed Aug 27 19:01:42 2008: DEBUG: Deleting session for username, 203.63.154.1, 1234
Wed Aug 27 19:01:42 2008: DEBUG: Handling with Radius::AuthFILE:
Wed Aug 27 19:01:42 2008: DEBUG: Reading users file ./users.test
Wed Aug 27 19:01:42 2008: DEBUG: Radius::AuthFILE looks for match with username [username]
Wed Aug 27 19:01:42 2008: DEBUG: Radius::AuthFILE ACCEPT: : username [username]
Wed Aug 27 19:01:42 2008: DEBUG: AuthBy FILE result: ACCEPT,
Wed Aug 27 19:01:42 2008: DEBUG: Access accepted for username
Wed Aug 27 19:01:42 2008: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 60646 ....
Packet length = 119
02 0c 00 77 c7 13 fc e5 29 78 d6 49 fc d5 65 1d
89 8c 9a ca 40 06 00 00 00 03 43 0e 01 38 36 2e
35 39 2e 33 39 2e 35 36 43 0e 02 38 36 2e 35 39
2e 33 39 2e 35 38 44 0b 00 78 78 78 78 78 78 78
78 45 15 01 f9 56 35 c5 93 71 ff 4c 8c f6 9e f5
6f b0 73 4e 4b 36 45 15 02 e7 39 89 ca 1a 58 55
2e 77 14 80 ef 6e 8f c7 28 a3 4d 53 06 01 00 00
0a 53 06 02 00 00 14
Code: Access-Accept
Identifier: 12
Authentic: <199><19><252><229>)x<214>I<252><213>e<29><137><140><154><202>
Attributes:
Tunnel-Type = L2TP
Tunnel-Server-Endpoint = 1:86.59.39.56
Tunnel-Server-Endpoint = 2:86.59.39.58
Tunnel-ID = xxxxxxxx
Tunnel-Password = "1:firstPW"
Tunnel-Password = "2:secondPW"
Tunnel-Preference = 1:10
Tunnel-Preference = 2:20
OK
You will need to do some testing with your equipment to see what
works (and what doesn't).
regards
Hugh
On 27 Aug 2008, at 18:25, Wallner Martin wrote:
> Hi All,
>
> I have a little problem here.
>
> We are selling DialIn Ports to some resellers, they get a number and we
> are forwarding the calls via L2TP from our RAS (Max TNT's) based on the
> CalledStationId to their equipment. Usually, this is only one Router,
> but now one of them has surprised me with the wish that they have now 2
> receiving routers, and would like to a) get both of these NASes
> populated, preferably symmetrically and b), if possible, if one of the
> routers is down, all of the traffic should go to the other one...
>
> Since this customer is reselling our product too (don't ask, we DO have
> a slightly crazy market situation here), he told me that he's doing this
> roundrobin with his customers on radius (he's using FreeRadius)
> decisions... here is a snippet of the config for this in the
> userfile...
>
> ---- FreeRadius User ------------
> username
> Tunnel-Type += L2TP
> Tunnel-Server-Endpoint += :1:86.59.39.56
> Tunnel-Server-Endpoint += :2:86.59.39.58
> Tunnel-Client-Auth-Id += xxxxxxxx
> Tunnel-Password = :1:firstPW
> Tunnel-Password = :2:secondPW
> Tunnel-Preference += :1:10
> Tunnel-Preference += :2:20
> --------------------------------
>
> Is this notation also possible in a plaintext-userfile for RADIUS (so
> that the client will receive 2 Server-Endpoints?). And, since my
> customer is doing this for CISCO-Equipment and I have a TNT here as a
> RAS, is the TNT understanding (and capable of handling) this special
> setup?
>
> regards
> Martin Wallner
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
Have you checked the RadiusExpert wiki:
http://www.open.com.au/wiki/index.php/Main_Page
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
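
Added example, not part of the original message and not Radiator code: Python that decodes the Access-Accept packet dump from the trace above and groups the RFC 2868 tagged tunnel attributes by tag, ordered by Tunnel-Preference (lowest value is most preferred). The function names are hypothetical, the attribute names follow the log output, and Tunnel-Password stays encrypted because the shared secret is not on the page.

```python
import struct

# Bytes of the "Sending to 127.0.0.1" Access-Accept dump in the trace above.
ACCEPT_HEX = (
    "020c0077c713fce52978d649fcd5651d898c9aca400600000003430e0138362e"
    "35392e33392e3536430e0238362e35392e33392e3538440b0078787878787878"
    "78451501f95635c59371ff4c8cf69ef56fb0734e4b36451502e73989ca1a5855"
    "2e771480ef6e8fc728a34d53060100000a530602000014"
)
# Type numbers as they appear in the dump, named as the log prints them.
# (The quoted FreeRADIUS entry uses Tunnel-Client-Auth-Id, RFC 2868 type 90.)
NAMES = {64: "Tunnel-Type", 67: "Tunnel-Server-Endpoint", 68: "Tunnel-ID",
         69: "Tunnel-Password", 83: "Tunnel-Preference"}
INT_ATTRS = {64, 83}  # tag octet followed by a 24-bit integer


def parse_tunnel_attributes(packet):
    """Yield (type, tag, value) for each tunnel attribute in a RADIUS packet."""
    if len(packet) < 20 or struct.unpack("!H", packet[2:4])[0] != len(packet):
        raise ValueError("length field does not match packet size")
    pos = 20  # 4-byte header plus 16-byte authenticator
    while pos < len(packet):
        if pos + 2 > len(packet):
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > len(packet):
            raise ValueError("bad attribute length at offset %d" % pos)
        body = packet[pos + 2:pos + alen]
        pos += alen
        if atype not in NAMES or not body:
            continue  # not one of the tunnel attributes handled here
        # RFC 2868: a first octet of 0x00-0x1F is the tag; strings may omit it.
        tag, rest = (body[0], body[1:]) if body[0] <= 0x1F else (0, body)
        if atype in INT_ATTRS:
            value = int.from_bytes(body[1:], "big")
        elif atype == 69:  # salt + ciphertext; opaque without the shared secret
            value = {"salt": body[1:3].hex(), "cipher_len": len(body) - 3}
        else:
            value = rest.decode("ascii", "replace")
        yield atype, tag, value


def tunnels_by_preference(packet):
    """Merge attributes per tag; lowest Tunnel-Preference (most preferred) first."""
    shared, tunnels = {}, {}
    for atype, tag, value in parse_tunnel_attributes(packet):
        (shared if tag == 0 else tunnels.setdefault(tag, {}))[NAMES[atype]] = value
    ordered = sorted(tunnels.items(), key=lambda kv: kv[1].get("Tunnel-Preference", 0))
    return [{**shared, "tag": tag, **attrs} for tag, attrs in ordered]
```

Attributes sent with tag 0 (here Tunnel-Type and Tunnel-ID) are copied into every tunnel set, which is how a NAS that supports tags would pair each endpoint with its own password and preference.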