Learn how easy it is to sync an existing GitHub or Google Code repo to a SourceForge project! See Demo

Close

L2TP, RADIUS, RFC 2809

2010-12-01
2013-03-27
  • Crypto Gnome
    Crypto Gnome
    2010-12-01

    Looking through the Manual for 5.5 it looks as if MPD has everything we need to dynamically tunnel-switch L2TP sessions, *EXCEPT* that it does not support RFC 2809 (l2tp compulsory tunnelling via RADIUS) and the tunnel-attributes in a RADIUS access-response.

    Is there a developer who would be interested in coding the required changes and can you give me an estimate of the required time (and your hourly rate)?

     
  • MPD 5 supports compulsory tunneling alike to described in RFC 2809 "4.2. Dual authentication" paragraph. When RADIUS server returns authentication result to MPD, it can use mpd-action Vendor-Specific RADIUS attribute to specify either local call termination using "bundle XXX" attribute value, where XXX is some configured bundle (or bundle template) name, or call forwarding using "forward YYY" value, where YYY is a name of link (or link template), configured for making outgoing calls. It last case MPD will not sent authentication result to client, but instead will forward call to tunneling server using specified link.

    One thing MPD doesn't implement in this case is LCP parameters forwarding. It will require tunnel server to redo all LCP negotiation sequence from the beginning.

     
  • Crypto Gnome
    Crypto Gnome
    2010-12-01

    Yes, so it's essentially "the same sort of thing as" but it's not quite the same (specifically, *some* parts have to be configured manually rather than being 100% RADIUS driven).

    So the obvious question is are there any developers out there interested in developing said feature on a $ basis, presumably while we're cutting code we may as well also LCP param forwarding as well, and I'm sure there will be "more things" turning up in interoperability testing.

     
  • I'll be very busy next months, but if somebody else wants to take it - welcome. I'll try to help with some comments if needed. If result will be fine, I'll be glad to import it to the next version.