Page MenuHomeVyOS Platform
Create Task
Maniphest T2631

l2tp, sstp, pptp add option to disable radius accounting
Closed, ResolvedPublic
Actions

Description

Currently l2tp, sstp and pptp requires accounting for radius to be enabled or the connection will be closed from the server.
Suggestion to add option:
disable-accounting
set vpn pptp remote-access authentication radius disable-accounting
set vpn l2tp remote-access authentication radius disable-accounting
set vpn sstp remote-access authentication radius disable-accounting

Details

Difficulty level
Unknown (require assessment)
Version
VyOS 1.3-rolling-202006170117
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Feature (new functionality)

Event Timeline

klase created this task.Jun 23 2020, 5:55 AM
klase created this object in space S1 VyOS Public.
pasik added a subscriber: pasik.Jun 23 2020, 7:35 AM
Viacheslav added a subscriber: Viacheslav.Oct 21 2020, 4:47 PM

@Dmitry Your suggestions? Is it possible?
What parameter do we need to change?

Dmitry added a comment.EditedOct 21 2020, 5:00 PM

@Viacheslav if we set acct-port=0 it should to disable accounting.

[radius]
server=x.x.x.x,secret,auth-port=1812,acct-port=0
Viacheslav added a comment.Oct 22 2020, 3:28 PM

PR https://github.com/vyos/vyos-1x/pull/581

Before config

[email protected]# grep "server=" /run/accel-pppd/*.conf
/run/accel-pppd/l2tp.conf:server=100.64.0.2,foo,auth-port=1812,acct-port=1813,req-limit=0,fail-time=0
/run/accel-pppd/pptp.conf:server=100.64.0.2,fo,auth-port=1812,acct-port=1813,req-limit=0,fail-time=0
/run/accel-pppd/sstp.conf:server=100.64.0.2,foo,auth-port=1812,acct-port=1813,req-limit=0,fail-time=0

Configure disable radius option

[email protected]# set vpn l2tp remote-access authentication radius server 100.64.0.2 disable-accounting
[edit]
[email protected]# set vpn sstp authentication radius server 100.64.0.2 disable-accounting
[edit]
[email protected]# set vpn pptp remote-access authentication radius server 100.64.0.2 disable-accounting
[edit]
[email protected]# commit
[edit]
[email protected]#

Configs after commit

[email protected]# grep "server=" /run/accel-pppd/*.conf
/run/accel-pppd/l2tp.conf:server=100.64.0.2,foo,auth-port=1812,acct-port=0,req-limit=0,fail-time=0
/run/accel-pppd/pptp.conf:server=100.64.0.2,fo,auth-port=1812,acct-port=0,req-limit=0,fail-time=0
/run/accel-pppd/sstp.conf:server=100.64.0.2,foo,auth-port=1812,acct-port=0,req-limit=0,fail-time=0
[edit]
[email protected]#
Viacheslav added a comment.Oct 27 2020, 7:15 PM

@klase Check these options in the next rolling release (after 20201027)

set vpn l2tp remote-access authentication radius server 100.64.0.2 disable-accounting
set vpn sstp authentication radius server 100.64.0.2 disable-accounting
set vpn pptp remote-access authentication radius server 100.64.0.2 disable-accounting
klase added a comment.Oct 27 2020, 7:55 PM

I will check it tomorrow and verify operation. Thank you!

klase added a comment.Oct 28 2020, 2:12 PM

I have tested both SSTP and L2TP and it works as expected - thank you for this addition!

Dmitry closed this task as Resolved.Oct 28 2020, 3:59 PM
c-po moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus board.Nov 23 2020, 5:22 PM
erkin set Issue type to Feature (new functionality).Aug 29 2021, 2:11 PM
erkin removed a subscriber: Active contributors.
syncer edited projects, added VyOS 1.3 Equuleus (1.3.0); removed VyOS 1.3 Equuleus.Aug 29 2022, 12:26 PM
syncer moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.0) board.