
DAE/DM/COA
Open, NormalPublicBUG

Description

The DAE server isn't working: the port doesn't bind. I think it's a bug in config_chap_secrets_radius.j2 or another script.

VYOS-CONFIG:

access-concentrator ZUM
authentication {

mode radius
protocols pap
radius {
    accounting-interim-interval 180
    dynamic-author {
        key mikrotik
        port 3799
        server 179.124.24.27
    }
    nas-identifier VYOS
    nas-ip-address 179.124.24.27
    rate-limit {
        attribute Mikrotik-Rate-Limit
        enable
        multiplier 1
        vendor Mikrotik
    }
    server 179.124.24.9 {
        key mikrotik
    }
    source-address 179.124.24.27
}

}
client-ip-pool zum {

range 100.80.0.0/24

}
default-pool zum
gateway-address 10.50.1.2
interface eth1 {
}
limits {

timeout 30

}
max-concurrent-sessions 2
mtu 1492
name-server 179.124.24.5
name-server 179.124.24.6
ppp-options {

disable-ccp
ipv4 allow
lcp-echo-failure 1
lcp-echo-interval 10
lcp-echo-timeout 20
mppe prefer

}
session-control replace

NETSTAT:
root@vyos:/home/vyos# netstat -na | more
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 127.0.0.1:2623 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:2617 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:2616 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:2612 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:2609 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:2608 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:2605 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:2604 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:2602 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:2601 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22014 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:2001 0.0.0.0:* LISTEN
tcp 0 128 179.124.24.27:22014 177.204.213.47:58733 ESTABLISHED
tcp6 0 0 ::1:2603 :::* LISTEN
tcp6 0 0 ::1:2606 :::* LISTEN
tcp6 0 0 ::1:2622 :::* LISTEN
tcp6 0 0 :::22014 :::* LISTEN
udp 0 0 0.0.0.0:3784 0.0.0.0:*
udp 0 0 0.0.0.0:123 0.0.0.0:*
udp 0 0 127.0.0.1:323 0.0.0.0:*
udp 0 0 0.0.0.0:4784 0.0.0.0:*
udp6 0 0 :::3784 :::*
udp6 0 0 :::3785 :::*
udp6 0 0 :::123 :::*
udp6 0 0 ::1:323 :::*
udp6 0 0 :::4784 :::*
raw 0 0 0.0.0.0:255 0.0.0.0:* 7
raw6 0 0 :::103 :::* 7
raw6 0 0 :::58 :::* 7
raw6 1792 0 :::58 :::* 7

config_chap_secrets_radius.j2

{#
   Renders the authentication part of the accel-ppp configuration:
   a [chap-secrets] section for local mode or a [radius] section for radius mode,
   followed by the gw-ip-address line(s) that both modes need.
   NOTE(review): the RADIUS server key and the dynamic-author key are written into the
   rendered file in clear text, so the rendered file should not be world-readable;
   confirm the permissions where this template is rendered.
#}
{% if authentication.mode is vyos_defined('local') %}
[chap-secrets]
chap-secrets={{ chap_secrets_file }}
{% elif authentication.mode is vyos_defined('radius') %}
[radius]
verbose=1
{# One server= line per RADIUS server that is not marked disabled; options.key is the shared secret. #}
{# port, acct_port and fail_time are interpolated without a defined-check; presumably defaults are filled in before rendering (TODO confirm). #}
{% for server, options in authentication.radius.server.items() if not options.disable is vyos_defined %}
server={{ server }},{{ options.key }},auth-port={{ options.port }},acct-port={{ options.acct_port }},req-limit=0,fail-time={{ options.fail_time }}
{% endfor %}
{% if authentication.radius.accounting_interim_interval is vyos_defined %}
acct-interim-interval={{ authentication.radius.accounting_interim_interval }}
{% endif %}
{% if authentication.radius.acct_interim_jitter is vyos_defined %}
acct-interim-jitter={{ authentication.radius.acct_interim_jitter }}
{% endif %}
{# These three are emitted unconditionally; presumably the caller always supplies a value (TODO confirm). #}
acct-timeout={{ authentication.radius.acct_timeout }}
timeout={{ authentication.radius.timeout }}
max-try={{ authentication.radius.max_try }}
{% if authentication.radius.nas_identifier is vyos_defined %}
nas-identifier={{ authentication.radius.nas_identifier }}
{% endif %}
{% if authentication.radius.nas_ip_address is vyos_defined %}
nas-ip-address={{ authentication.radius.nas_ip_address }}
{% endif %}
{# source_address is rendered as the bind= option of the [radius] section. #}
{% if authentication.radius.source_address is vyos_defined %}
bind={{ authentication.radius.source_address }}
{% endif %}
{#
   Dynamic authorization (DAE: Disconnect/CoA) listener, emitted only when dynamic_author.server is set.
   Only the server value is checked here; port and key are interpolated as-is, so presumably the
   caller supplies a default port and requires a key (TODO confirm).
   NOTE(review): requests to this listener can change or terminate subscriber sessions and are
   protected by the shared key on this line; reachability of the address/port should be limited
   to the RADIUS/DAE client hosts.
#}
{% if authentication.radius.dynamic_author.server is vyos_defined %}
dae-server={{ authentication.radius.dynamic_author.server }}:{{ authentication.radius.dynamic_author.port }},{{ authentication.radius.dynamic_author.key }}
{% endif %}
{% endif %}
{# Both the chap-secrets and the radius block require the gw-ip-address #}
{% if authentication.mode is vyos_defined('local') or authentication.mode is vyos_defined('radius') %}
{% if gateway_address is vyos_defined %}
{# For ipoe, gateway_address is iterated as a list and only the part before '/' is kept; #}
{# the two-value unpacking assumes each entry has exactly one '/' (TODO confirm against the caller). #}
{% if server_type == 'ipoe' %}
{% for gw in gateway_address %}
{% set host_address, _ = gw.split('/') %}
gw-ip-address={{ host_address }}
{% endfor %}
{% else %}
gw-ip-address={{ gateway_address }}
{% endif %}
{% endif %}
{% endif %}

Details

Difficulty level
Unknown (require assessment)
Version
1.4-EPA3
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Bug (incorrect behavior)

Event Timeline

Add the set of commands to reproduce.

Viacheslav triaged this task as Normal priority.Jun 3 2024, 6:59 AM
Viacheslav raised the priority of this task from Normal to High.
Viacheslav lowered the priority of this task from High to Normal.EditedJun 3 2024, 9:11 AM

If you add this config after the server is already configured, it only works after a restart of the service, because the change requires one:

sudo systemctl restart accel-ppp@pppoe.service

Or reconfigure the service again

delete service pppoe-server
commit
set service xxx

So reload-or-restart is not implemented correctly in accel-ppp, and this change requires a restart.
Almost every change in accel-ppp requires a restart.

CoA works fine

vyos@r4# run show conf com | match ppp
set service pppoe-server authentication mode 'radius'
set service pppoe-server authentication radius dynamic-author key 'my-key'
set service pppoe-server authentication radius dynamic-author server '192.168.122.14'
set service pppoe-server authentication radius nas-identifier 'VyOS'
set service pppoe-server authentication radius nas-ip-address '192.168.122.14'
set service pppoe-server authentication radius server 127.0.0.1 key 'vyos-secret'
set service pppoe-server client-ip-pool POOL range '100.64.12.21-100.64.12.205'
set service pppoe-server default-pool 'POOL'
set service pppoe-server interface eth2
[edit]
vyos@r4# 
[edit]
vyos@r4# sudo netstat -tulpn | grep 1700
udp        0      0 192.168.122.14:1700     0.0.0.0:*                           8302/accel-pppd     
[edit]
vyos@r4#

Proof

vyos@r4# set service pppoe-server authentication radius dynamic-author port 3799
[edit]
vyos@r4# commit
[ service pppoe-server ]

WARNING: IPv4 Server requires gateway-address to be configured!


[edit]
vyos@r4# sudo netstat -tulpn | grep 3799
[edit]
vyos@r4# 
[edit]
vyos@r4# 
[edit]
vyos@r4# sudo systemctl restart accel-ppp@pppoe.service
[edit]
vyos@r4# sudo netstat -tulpn | grep 3799
udp        0      0 192.168.122.14:3799     0.0.0.0:*                           8729/accel-pppd     
[edit]
vyos@r4#