Page MenuHomeVyOS Platform

Add support for running scripts on PPPoE server session events
Closed, ResolvedPublicFEATURE REQUEST

Description

This should provide the possibility to get and parse RADIUS attributes via a shell script and then execute commands. As an example add a user with a negative deposit to ipset and redirect to the captive portal.
The second scenario when it will be helpful is to create a custom shaper with some smart logic

Details

Difficulty level
Unknown (require assessment)
Version
-
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Feature (new functionality)

Event Timeline

Unknown Object (User) created this task.May 14 2021, 6:40 PM
Unknown Object (User) renamed this task from Add pppoe CLI custom script feature to Add pppoe-server CLI custom script feature .

As I understand the needed section

[pppd-compat]
verbose=1
#ip-pre-up=/etc/ppp/ip-pre-up
ip-up=/etc/ppp/ip-up
ip-down=/etc/ppp/ip-down
#ip-change=/etc/ppp/ip-change
radattr-prefix=/var/run/radattr
#fork-limit=16

@Dmitry Do you have any idea for CLI ?

Unknown Object (User) added a comment.May 26 2021, 7:11 PM

I propose something like

set service pppoe-server extended-scripts on-pre-up <path>
set service pppoe-server extended-scripts on-up <path>
set service pppoe-server extended-scripts on-down <path>
set service pppoe-server extended-scripts on-change <path>
Unknown Object (User) changed the task status from Open to In progress.Jun 1 2021, 9:02 AM
Unknown Object (User) claimed this task.
Unknown Object (User) added a comment.Jun 1 2021, 11:30 AM

PR https://github.com/vyos/vyos-1x/pull/860
To provide the possibility to read RADIUS attribute by script, also need to define radattr=/run/radattr param

Unknown Object (User) added a comment.Jun 2 2021, 8:43 AM

Extended scripts receive from PPPoE daemon the following variables:

$1 - Interface name
$4 - Tunnel GW IP address
$5 - Delegated IP address to the client
$6 - Calling Station ID (MAC)

For example, how to get received RADIUS attributes
note: In this case, Filter-Id attribute used as an indicator for block user adding to ipset

configure
set firewall group address-group blocked 
commit
#!/bin/sh

if [ -f /run/accel-pppd/radattr.$1 ]; then
     FILTER=`/bin/awk  '/Filter-Id/ {print $2}'  /run/accel-pppd/radattr.$1`
     if [ $FILTER ]; then
         ipset add $FILTER $5
     fi
fi

In log we will see

Jun 02 08:41:53 vyos accel-pppoe[1594]: eth1:: recv [RADIUS(1) Access-Accept id=1 <Filter-Id "blocked">]
...
Jun 02 08:41:53 vyos accel-pppoe[1594]: ppp0:20: recv [IPCP ConfReq id=3 <addr 100.64.0.11> <dns1 1.1.1.1>]
...
Jun 02 08:41:53 vyos accel-pppoe[1594]: ppp0:20: pppd_compat: ip-up started (pid 4198)
Jun 02 08:41:54 vyos accel-pppoe[1594]: ppp0:20: pppd_compat: ip-up finished (0)

Check ipset

vyos@vyos# run show firewall group blocked 
Name       : blocked
Type       : address
References : none
Members    :
             100.64.0.11
Unknown Object (User) changed the task status from In progress to Needs testing.Dec 2 2021, 6:07 PM
Unknown Object (User) changed the task status from Needs testing to Backport candidate.Dec 9 2021, 10:31 AM
Unknown Object (User) added a project: VyOS 1.3 Equuleus.
syncer reassigned this task from Unknown Object (User) to Viacheslav.Jul 16 2023, 9:28 PM
dmbaturin renamed this task from Add pppoe-server CLI custom script feature to Add support for running scripts on PPPoE server session events.Sep 25 2023, 1:36 PM
dmbaturin set Issue type to Feature (new functionality).