[RADIATOR] Radmin - L2TP Multihop via Radius

Heikki Vatiainen hvn at open.com.au
Mon Feb 4 17:15:58 CST 2013


On 02/04/2013 02:01 AM, Michael Bellears wrote:

> I believe this can be accomplished from radius…eg:
> 
> testrealm.com.au            Password = "cisco"
>                 Service-Type = Outbound,
>                 Cisco-avpair = "vpdn:tunnel-type=l2tp",
>                 Cisco-avpair = "vpdn:tunnel-id=TEST7200",
>                 Cisco-avpair = "vpdn:ip-addresses=x.x.x.x",
>                 Cisco-avpair = "vpdn:source-ip=y.y.y.y",
>                 Cisco-avpair = "vpdn:l2tp-tunnel-password=xxx"
> 
> But hoping someone can provide guidance as to how this can be done
> within Radmin…i.e. in radmin.cfg?

If you already have <Realm realm1.com> then the username above should be
e.g., testrealm.com.au@realm1.com?

The above looks like a definition for user 'testrealm.com.au' with
password 'cisco' and a list of reply attributes. Adding a user with such
username works with radmin and you can then add the list of cisco-avpair
reply attributes.

What you are after is likely easily done, but I'm unsure what is the
username and what is the realm. Knowing the formatting (what are the
user and realm if the value is user@realm) of the User-Name attribute for
the new DSL realm related requests would be a good starting point.

> Our existing realms are configured like so (radmin.cfg):

What about adding <Realm testrealm.com.au> and then adding users as
normal, followed by clicking 'Show RADIUS attributes for User
<newuser>' and then adding the Service-Type and cisco-avpairs as Reply
Items?

I would also remove the hardcoded AddToReply from this Realm in radmin.cfg.

Thanks,
Heikki


> <Realm realm1.com>
>         AuthByPolicy ContinueWhileAccept
>         <AuthBy RADMIN>
> DB stuff (login credentials etc)
> ..
>                 AccountingTable RADUSAGE
>                 AcctColumnDef   USERNAME,User-Name
> (heap of other AcctColumnDef)
> ..
>                 AddToReply Framed-Protocol = PPP,\
>                         Framed-IP-Netmask = 255.255.255.255,\
>                         Framed-Routing = None,\
>                         Framed-MTU = 1500,\
>                         Framed-Compression = Van-Jacobson-TCP-IP,\
>                         #Fall-Through = Yes,\
>                         Service-Type = "Framed-User",
>         </AuthBy>
> Logging stuff..
> </Realm>
>
> So not 100% on how this new realm would be added to radmin.cfg?
>
> Thanks in advance.
> 


-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.

