Page MenuHomeVyOS Platform
Create Task
Maniphest T3546

Add support for running scripts on PPPoE server session events
Closed, ResolvedPublicFEATURE REQUEST
Actions

Description

This should provide the possibility to get and parse RADIUS attributes via a shell script and then execute commands. As an example add a user with a negative deposit to ipset and redirect to the captive portal.
The second scenario when it will be helpful is to create a custom shaper with some smart logic

Details

Difficulty level
Unknown (require assessment)
Version
-
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Feature (new functionality)

Related Objects

Event Timeline

Dmitry renamed this task from Add pppoe CLI custom script feature to Add pppoe-server CLI custom script feature .May 14 2021, 6:40 PM
Dmitry created this task.
pasik added a subscriber: pasik.May 14 2021, 7:28 PM
Viacheslav added a subscriber: Viacheslav.May 26 2021, 3:52 PM

As I understand the needed section

[pppd-compat]
verbose=1
#ip-pre-up=/etc/ppp/ip-pre-up
ip-up=/etc/ppp/ip-up
ip-down=/etc/ppp/ip-down
#ip-change=/etc/ppp/ip-change
radattr-prefix=/var/run/radattr
#fork-limit=16

@Dmitry Do you have any idea for CLI ?

Dmitry added a comment.May 26 2021, 7:11 PM

I propose something like

set service pppoe-server extended-scripts on-pre-up <path>
set service pppoe-server extended-scripts on-up <path>
set service pppoe-server extended-scripts on-down <path>
set service pppoe-server extended-scripts on-change <path>
Dmitry changed the task status from Open to In progress.Jun 1 2021, 9:02 AM
Dmitry claimed this task.
Dmitry added a comment.Jun 1 2021, 11:30 AM

PR https://github.com/vyos/vyos-1x/pull/860
To provide the possibility to read RADIUS attribute by script, also need to define radattr=/run/radattr param

Dmitry added a comment.Jun 2 2021, 8:43 AM

Extended scripts receive from PPPoE daemon the following variables:

$1 - Interface name
$4 - Tunnel GW IP address
$5 - Delegated IP address to the client
$6 - Calling Station ID (MAC)

For example, how to get received RADIUS attributes
note: In this case, Filter-Id attribute used as an indicator for block user adding to ipset

configure
set firewall group address-group blocked 
commit
#!/bin/sh

if [ -f /run/accel-pppd/radattr.$1 ]; then
     FILTER=`/bin/awk  '/Filter-Id/ {print $2}'  /run/accel-pppd/radattr.$1`
     if [ $FILTER ]; then
         ipset add $FILTER $5
     fi
fi

In log we will see

Jun 02 08:41:53 vyos accel-pppoe[1594]: eth1:: recv [RADIUS(1) Access-Accept id=1 <Filter-Id "blocked">]
...
Jun 02 08:41:53 vyos accel-pppoe[1594]: ppp0:20: recv [IPCP ConfReq id=3 <addr 100.64.0.11> <dns1 1.1.1.1>]
...
Jun 02 08:41:53 vyos accel-pppoe[1594]: ppp0:20: pppd_compat: ip-up started (pid 4198)
Jun 02 08:41:54 vyos accel-pppoe[1594]: ppp0:20: pppd_compat: ip-up finished (0)

Check ipset

vyos@vyos# run show firewall group blocked 
Name       : blocked
Type       : address
References : none
Members    :
             100.64.0.11
Dmitry changed the task status from In progress to Needs testing.Dec 2 2021, 6:07 PM
Dmitry mentioned this in T2584: pppoe-server NAS-Filter-Rule attribute.Dec 3 2021, 5:39 PM
Dmitry changed the task status from Needs testing to Backport candidate.Dec 9 2021, 10:31 AM
Dmitry added a project: VyOS 1.3 Equuleus.
syncer edited projects, added VyOS 1.3 Equuleus (1.3.2); removed VyOS 1.3 Equuleus, VyOS 1.4 Sagitta.Aug 14 2022, 1:05 PM
syncer edited projects, added VyOS 1.3 Equuleus (1.3.3); removed VyOS 1.3 Equuleus (1.3.2).Aug 29 2022, 12:14 PM
syncer edited projects, added VyOS 1.3 Equuleus (1.3.4); removed VyOS 1.3 Equuleus (1.3.3).Jul 12 2023, 9:39 PM
syncer reassigned this task from Dmitry to Viacheslav.Jul 16 2023, 9:28 PM
Viacheslav added a comment.Aug 25 2023, 10:18 AM

PR f or 1.3.4 https://github.com/vyos/vyos-1x/pull/2168

syncer edited projects, added VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus (1.3.4).Aug 25 2023, 9:29 PM
Viacheslav closed this task as Resolved.Aug 31 2023, 3:53 PM
Viacheslav edited projects, added VyOS 1.3 Equuleus (1.3.4); removed VyOS 1.3 Equuleus (1.3.5).
Viacheslav moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.4) board.
dmbaturin mentioned this in 1.3.4.Sep 14 2023, 1:07 PM
dmbaturin renamed this task from Add pppoe-server CLI custom script feature to Add support for running scripts on PPPoE server session events.Sep 25 2023, 1:36 PM
dmbaturin set Issue type to Feature (new functionality).