It's impossible to specify the IP address to include in the NAS-IP-Address RADIUS attribute for vpn l2tp, while we definitely can do it in the [l2tp] section of the accel-ppp package used in VyOS.
We need a configuration option for the vpn l2tp section so that we can specify nas-ip-address there, which will be sent in the NAS-IP-Address RADIUS attribute.
This is the same as for NAS-identifier, which IS configurable.
Thank you.
Alexander
Details
- Difficulty level: Unknown (require assessment)
- Version: 1.4
- Why the issue appeared?: Will be filled on close
- Is it a breaking change?: Unspecified (possibly destroys the router)
- Issue type: Unspecified (please specify)
Event Timeline
@aserkin Could you send an example of the required accel-ppp section? And how do you see this command in VyOS CLI?
Hi Viacheslav
Sorry, I probably misspelled the config option. Actually it's available in the [radius] section of accel-ppp.conf.
Below is the [radius] section from my /run/accel-pppd/l2tp.conf after I changed
/usr/libexec/vyos/conf_mode/vpn_l2tp.py:
default_config_data = {
    …
    'radius_nas_ip': '10.10.10.1'
    …
}
and reboot:
[radius]
verbose=1
server=10.20.1.18,secret,auth-port=1812,acct-port=1813,req-limit=0,fail-time=0
acct-timeout=3
timeout=3
max-try=3
nas-identifier=vyos-lns-1
nas-ip-address=10.10.10.1
bind=10.10.10.1
gw-ip-address=192.168.0.1
So I guess the config option could be as follows:
set vpn l2tp remote-access authentication radius nas-ip-address '10.10.10.1'
Where the value '10.10.10.1' can be the address of one of the interfaces available on the box - dummy or physical.
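
An added sketch (not VyOS or accel-ppp code) of how a conf_mode script could validate the proposed nas-ip-address value before writing it into the [radius] section. The function names, the `radius_nas_id` key and the sample address list are assumptions; `radius_nas_ip` is the key from the comment above, and the must-be-local check follows the suggestion that the value be an interface address.

```python
import ipaddress

# Constructed sample: addresses assigned to the router's interfaces.
SAMPLE_LOCAL_ADDRESSES = ["10.10.10.1", "192.168.0.1", "2001:db8::1"]


def validate_nas_ip(value, local_addresses):
    """Return the canonical IPv4 string, or raise ValueError."""
    try:
        addr = ipaddress.ip_address(value)
    except ValueError:
        raise ValueError(f"nas-ip-address {value!r} is not an IP address")
    # NAS-IP-Address (RADIUS attribute 4, RFC 2865) is a 4-octet IPv4 field.
    if addr.version != 4:
        raise ValueError("nas-ip-address must be an IPv4 address")
    # Assumption: the value must be an address configured on this router.
    if addr not in {ipaddress.ip_address(a) for a in local_addresses}:
        raise ValueError(f"nas-ip-address {addr} is not a local address")
    return str(addr)


def validate_nas_identifier(value):
    """Reject control characters so the value cannot add lines to the file."""
    if not value or any(ord(c) < 0x20 or ord(c) == 0x7F for c in value):
        raise ValueError("nas-identifier is empty or has control characters")
    return value


def render_radius_nas_lines(config, local_addresses):
    """Hypothetical helper: build the nas-* lines of the [radius] section."""
    lines = []
    if "radius_nas_id" in config:  # hypothetical key name
        nas_id = validate_nas_identifier(config["radius_nas_id"])
        lines.append("nas-identifier=" + nas_id)
    if "radius_nas_ip" in config:  # key name taken from the comment above
        ip = validate_nas_ip(config["radius_nas_ip"], local_addresses)
        lines.append("nas-ip-address=" + ip)
    return lines


if __name__ == "__main__":
    cfg = {"radius_nas_id": "vyos-lns-1", "radius_nas_ip": "10.10.10.1"}
    print("\n".join(render_radius_nas_lines(cfg, SAMPLE_LOCAL_ADDRESSES)))
```

Rejecting values that contain line breaks matters because the rendered file is line-oriented: an unchecked string could otherwise introduce extra directives into the [radius] section.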