This should provide the possibility to get and parse RADIUS attributes via a shell script and then execute commands. As an example add a user with a negative deposit to ipset and redirect to the captive portal.
The second scenario when it will be helpful is to create a custom shaper with some smart logic
Description
Description
Details
Details
- Version
- -
- Is it a breaking change?
- Unspecified (possibly destroys the router)
- Issue type
- Feature (new functionality)
Related Objects
Related Objects
Event Timeline
Comment Actions
As I understand the needed section
[pppd-compat] verbose=1 #ip-pre-up=/etc/ppp/ip-pre-up ip-up=/etc/ppp/ip-up ip-down=/etc/ppp/ip-down #ip-change=/etc/ppp/ip-change radattr-prefix=/var/run/radattr #fork-limit=16
@Dmitry Do you have any idea for CLI ?
Comment Actions
I propose something like
set service pppoe-server extended-scripts on-pre-up <path> set service pppoe-server extended-scripts on-up <path> set service pppoe-server extended-scripts on-down <path> set service pppoe-server extended-scripts on-change <path>
Comment Actions
PR https://github.com/vyos/vyos-1x/pull/860
To provide the possibility to read RADIUS attribute by script, also need to define radattr=/run/radattr param
Comment Actions
Extended scripts receive from PPPoE daemon the following variables:
$1 - Interface name $4 - Tunnel GW IP address $5 - Delegated IP address to the client $6 - Calling Station ID (MAC)
For example, how to get received RADIUS attributes
note: In this case, Filter-Id attribute used as an indicator for block user adding to ipset
configure set firewall group address-group blocked commit
#!/bin/sh if [ -f /run/accel-pppd/radattr.$1 ]; then FILTER=`/bin/awk '/Filter-Id/ {print $2}' /run/accel-pppd/radattr.$1` if [ $FILTER ]; then ipset add $FILTER $5 fi fi
In log we will see
Jun 02 08:41:53 vyos accel-pppoe[1594]: eth1:: recv [RADIUS(1) Access-Accept id=1 <Filter-Id "blocked">] ... Jun 02 08:41:53 vyos accel-pppoe[1594]: ppp0:20: recv [IPCP ConfReq id=3 <addr 100.64.0.11> <dns1 1.1.1.1>] ... Jun 02 08:41:53 vyos accel-pppoe[1594]: ppp0:20: pppd_compat: ip-up started (pid 4198) Jun 02 08:41:54 vyos accel-pppoe[1594]: ppp0:20: pppd_compat: ip-up finished (0)
Check ipset
vyos@vyos# run show firewall group blocked Name : blocked Type : address References : none Members : 100.64.0.11