Client R1 has been configured to do dial-on-demand:
default:
create link static L1 pppoe
set auth authname rihad
set auth password whatever
set pppoe iface em1
set link max-redial 0
create bundle static B1
set bundle links L1
set ipcp enable req-pri-dns req-sec-dns
set iface addrs 1.2.3.4 5.6.7.8
set iface route default
set iface enable on-demand
open iface
PPPoE server R3:
default:
set ippool add pool1 88.88.0.1 88.88.0.99
create bundle template B
set ipcp ranges 88.88.0.254/32 ippool pool1
set ipcp dns 8.8.8.8
set iface enable tcpmssfix
create link template L l2tp
set l2tp enable length
set link action bundle B
set link enable pap
set l2tp self 10.0.24.3
set l2tp peer 10.0.24.2
set link enable incoming
create link template L2 pppoe
set link action bundle B
set pppoe iface em1
set link enable incoming
set radius server radius.localnet c00lpass 1812 1812
set radius enable message-authentic
set radius me em0
set auth disable internal
set auth disable acct-mandatory
set auth enable radius-auth radius-acct
set auth max-logins 1 CI
I didn't yet turn on the OpenRADIUS server, and tried authing. To my surprise, P-t-p addresses and default route in R1 got assigned by server as if after successful auth, and I could ping R1->R4 through R3.
R3 logs at the time of strange auth success:
Nov 13 16:13:32 R3 ppp: process 2367 started, version 5.7 (root@orange.bsdrp.net 18:37 26-Oct-2013)
Nov 13 16:13:32 R3 ppp: CONSOLE: listening on 127.0.0.1 5005
Nov 13 16:13:32 R3 ppp: L2TP: waiting for connection on 10.0.24.3 1701
Nov 13 16:13:32 R3 ppp: PPPoE: waiting for connection on em1:, service ""
Nov 13 16:13:36 R3 ppp: Incoming PPPoE connection request via em1: for service "" from 00:0c:29:85:63:eb
Nov 13 16:13:36 R3 ppp: [L2-2] Accepting PPPoE connection
Nov 13 16:13:36 R3 ppp: [L2-2] Link: OPEN event
Nov 13 16:13:36 R3 ppp: [L2-2] LCP: Open event
Nov 13 16:13:36 R3 ppp: [L2-2] LCP: state change Initial --> Starting
Nov 13 16:13:36 R3 ppp: [L2-2] LCP: LayerStart
Nov 13 16:13:36 R3 ppp: [L2-2] PPPoE: connection successful
Nov 13 16:13:36 R3 ppp: [L2-2] Link: UP event
Nov 13 16:13:36 R3 ppp: [L2-2] LCP: Up event
Nov 13 16:13:36 R3 ppp: [L2-2] LCP: state change Starting --> Req-Sent
Nov 13 16:13:36 R3 ppp: [L2-2] LCP: SendConfigReq #1
Nov 13 16:13:36 R3 ppp: [L2-2] PROTOCOMP
Nov 13 16:13:36 R3 ppp: [L2-2] MRU 1492
Nov 13 16:13:36 R3 ppp: [L2-2] MAGICNUM 07584b77
Nov 13 16:13:36 R3 ppp: [L2-2] LCP: rec'd Configure Request #5 (Req-Sent)
Nov 13 16:13:36 R3 ppp: [L2-2] PROTOCOMP
Nov 13 16:13:36 R3 ppp: [L2-2] MRU 1492
Nov 13 16:13:36 R3 ppp: [L2-2] MAGICNUM e238cc80
Nov 13 16:13:36 R3 ppp: [L2-2] LCP: SendConfigAck #5
Nov 13 16:13:36 R3 ppp: [L2-2] PROTOCOMP
Nov 13 16:13:36 R3 ppp: [L2-2] MRU 1492
Nov 13 16:13:36 R3 ppp: [L2-2] MAGICNUM e238cc80
Nov 13 16:13:36 R3 ppp: [L2-2] LCP: state change Req-Sent --> Ack-Sent
Nov 13 16:13:38 R3 ppp: [L2-2] LCP: SendConfigReq #2
Nov 13 16:13:38 R3 ppp: [L2-2] PROTOCOMP
Nov 13 16:13:38 R3 ppp: [L2-2] MRU 1492
Nov 13 16:13:38 R3 ppp: [L2-2] MAGICNUM 07584b77
Nov 13 16:13:38 R3 ppp: [L2-2] LCP: rec'd Configure Request #6 (Ack-Sent)
Nov 13 16:13:38 R3 ppp: [L2-2] PROTOCOMP
Nov 13 16:13:38 R3 ppp: [L2-2] MRU 1492
Nov 13 16:13:38 R3 ppp: [L2-2] MAGICNUM e238cc80
Nov 13 16:13:38 R3 ppp: [L2-2] LCP: SendConfigAck #6
Nov 13 16:13:38 R3 ppp: [L2-2] PROTOCOMP
Nov 13 16:13:38 R3 ppp: [L2-2] MRU 1492
Nov 13 16:13:38 R3 ppp: [L2-2] MAGICNUM e238cc80
Nov 13 16:13:38 R3 ppp: [L2-2] LCP: rec'd Configure Ack #2 (Ack-Sent)
Nov 13 16:13:38 R3 ppp: [L2-2] PROTOCOMP
Nov 13 16:13:38 R3 ppp: [L2-2] MRU 1492
Nov 13 16:13:38 R3 ppp: [L2-2] MAGICNUM 07584b77
Nov 13 16:13:38 R3 ppp: [L2-2] LCP: state change Ack-Sent --> Opened
Nov 13 16:13:38 R3 ppp: [L2-2] LCP: auth: peer wants nothing, I want nothing
Nov 13 16:13:38 R3 ppp: [L2-2] LCP: authorization successful
Nov 13 16:13:38 R3 ppp: [L2-2] Link: Matched action 'bundle "B" ""'
Nov 13 16:13:38 R3 ppp: [L2-2] Creating new bundle using template "B".
Nov 13 16:13:38 R3 ppp: [B-1] Bundle: Interface ng0 created
Nov 13 16:13:38 R3 ppp: [L2-2] Link: Join bundle "B-1"
Nov 13 16:13:38 R3 ppp: [B-1] Bundle: Status update: up 1 link, total bandwidth 64000 bps
Nov 13 16:13:38 R3 ppp: [B-1] IPCP: Open event
Nov 13 16:13:38 R3 ppp: [B-1] IPCP: state change Initial --> Starting
Nov 13 16:13:38 R3 ppp: [B-1] IPCP: LayerStart
Nov 13 16:13:38 R3 ppp: [B-1] IPCP: Up event
Nov 13 16:13:38 R3 ppp: [B-1] IPCP: Got IP 88.88.0.1 from pool "pool1" for peer
Nov 13 16:13:38 R3 ppp: [B-1] IPCP: state change Starting --> Req-Sent
Nov 13 16:13:38 R3 ppp: [B-1] IPCP: SendConfigReq #1
Nov 13 16:13:38 R3 ppp: [B-1] IPADDR 88.88.0.254
Nov 13 16:13:38 R3 ppp: [B-1] COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
Nov 13 16:13:38 R3 ppp: [L2-2] LCP: LayerUp
Nov 13 16:13:38 R3 ppp: [B-1] IPCP: rec'd Configure Request #5 (Req-Sent)
Nov 13 16:13:38 R3 ppp: [B-1] IPADDR 192.168.0.111
Nov 13 16:13:38 R3 ppp: [B-1] NAKing with 88.88.0.1
Nov 13 16:13:38 R3 ppp: [B-1] COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
Nov 13 16:13:38 R3 ppp: [B-1] PRIDNS 0.0.0.0
Nov 13 16:13:38 R3 ppp: [B-1] NAKing with 8.8.8.8
Nov 13 16:13:38 R3 ppp: [B-1] SECDNS 0.0.0.0
Nov 13 16:13:38 R3 ppp: [B-1] IPCP: SendConfigRej #5
Nov 13 16:13:38 R3 ppp: [B-1] SECDNS 0.0.0.0
Nov 13 16:13:38 R3 ppp: [B-1] IPCP: rec'd Configure Ack #1 (Req-Sent)
Nov 13 16:13:38 R3 ppp: [B-1] IPADDR 88.88.0.254
Nov 13 16:13:38 R3 ppp: [B-1] COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
Nov 13 16:13:38 R3 ppp: [B-1] IPCP: state change Req-Sent --> Ack-Rcvd
Nov 13 16:13:38 R3 ppp: [L2-2] RADIUS: Accounting user '' (Type: 1)
Nov 13 16:13:38 R3 ppp: [B-1] IPCP: rec'd Configure Request #6 (Ack-Rcvd)
Nov 13 16:13:38 R3 ppp: [B-1] IPADDR 192.168.0.111
Nov 13 16:13:38 R3 ppp: [B-1] NAKing with 88.88.0.1
Nov 13 16:13:38 R3 ppp: [B-1] COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
Nov 13 16:13:38 R3 ppp: [B-1] PRIDNS 0.0.0.0
Nov 13 16:13:38 R3 ppp: [B-1] NAKing with 8.8.8.8
Nov 13 16:13:38 R3 ppp: [B-1] IPCP: SendConfigNak #6
Nov 13 16:13:38 R3 ppp: [B-1] IPADDR 88.88.0.1
Nov 13 16:13:38 R3 ppp: [B-1] PRIDNS 8.8.8.8
Nov 13 16:13:38 R3 ppp: [B-1] IPCP: rec'd Configure Request #7 (Ack-Rcvd)
Nov 13 16:13:38 R3 ppp: [B-1] IPADDR 88.88.0.1
Nov 13 16:13:38 R3 ppp: [B-1] 88.88.0.1 is OK
Nov 13 16:13:38 R3 ppp: [B-1] COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
Nov 13 16:13:38 R3 ppp: [B-1] PRIDNS 8.8.8.8
Nov 13 16:13:38 R3 ppp: [B-1] IPCP: SendConfigAck #7
Nov 13 16:13:38 R3 ppp: [B-1] IPADDR 88.88.0.1
Nov 13 16:13:38 R3 ppp: [B-1] COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
Nov 13 16:13:38 R3 ppp: [B-1] PRIDNS 8.8.8.8
Nov 13 16:13:38 R3 ppp: [B-1] IPCP: state change Ack-Rcvd --> Opened
Nov 13 16:13:38 R3 ppp: [B-1] IPCP: LayerUp
Nov 13 16:13:38 R3 ppp: [B-1] 88.88.0.254 -> 88.88.0.1
Nov 13 16:13:39 R3 ppp: [B-1] IFACE: Up event
Nov 13 16:13:54 R3 ppp: [L2-2] RADIUS: rad_send_request for user '' failed: No valid RADIUS responses received
Why is this happening?
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I'm awfully sorry, it was my mistake, I was thinking setting radius auth was enough, but I also had to enable pap on the pppoe link. Now I correctly can't auth, since RADIUS is down. But another very bad thing happened. As I was saying, R1 is unable to login because RADIUS is down. But I simply configured the interface on R1 manually:
ifconfig ng0 88.88.0.1 88.88.0.254
and I could now ping 88.88.0.254 and even ssh to it.
Why is this happening?
Last edit: rihad 2013-11-13
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Again my fault, assigning arbitrary addresses on the ng0 link (which got added as secondary addresses, alongside with PPP ones) was possible, but communication only took place after I logged in, otherwise packets are discarded.
So the only problem now is this strange error on R3 at auth time:
Nov 13 16:59:56 R3 ppp: [L2-1] rec'd unexpected protocol IP
L2 is configured as:
create link template L2 pppoe
set link action bundle B
set pppoe iface em1
set link enable pap
set link enable incoming
My guess is that that error occurs when MPD receives the ping request from R1 that I use to trigger dial-on-demand. Is this the case?
Last edit: rihad 2013-11-13
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Very weird.
Client R1 has been configured to do dial-on-demand:
default:
create link static L1 pppoe
set auth authname rihad
set auth password whatever
set pppoe iface em1
set link max-redial 0
PPPoE server R3:
default:
set ippool add pool1 88.88.0.1 88.88.0.99
create bundle template B set ipcp ranges 88.88.0.254/32 ippool pool1 set ipcp dns 8.8.8.8 set iface enable tcpmssfix create link template L l2tp set l2tp enable length set link action bundle B set link enable pap set l2tp self 10.0.24.3 set l2tp peer 10.0.24.2 set link enable incoming create link template L2 pppoe set link action bundle B set pppoe iface em1 set link enable incoming set radius server radius.localnet c00lpass 1812 1812 set radius enable message-authentic set radius me em0 set auth disable internal set auth disable acct-mandatory set auth enable radius-auth radius-acct set auth max-logins 1 CII didn't yet turn on the OpenRADIUS server, and tried authing. To my surprise, P-t-p addresses and default route in R1 got assigned by server as if after successful auth, and I could ping R1->R4 through R3.
R3 logs at the time of strange auth success:
Nov 13 16:13:32 R3 ppp: process 2367 started, version 5.7 (root@orange.bsdrp.net 18:37 26-Oct-2013)
Nov 13 16:13:32 R3 ppp: CONSOLE: listening on 127.0.0.1 5005
Nov 13 16:13:32 R3 ppp: L2TP: waiting for connection on 10.0.24.3 1701
Nov 13 16:13:32 R3 ppp: PPPoE: waiting for connection on em1:, service ""
Nov 13 16:13:36 R3 ppp: Incoming PPPoE connection request via em1: for service "" from 00:0c:29:85:63:eb
Nov 13 16:13:36 R3 ppp: [L2-2] Accepting PPPoE connection
Nov 13 16:13:36 R3 ppp: [L2-2] Link: OPEN event
Nov 13 16:13:36 R3 ppp: [L2-2] LCP: Open event
Nov 13 16:13:36 R3 ppp: [L2-2] LCP: state change Initial --> Starting
Nov 13 16:13:36 R3 ppp: [L2-2] LCP: LayerStart
Nov 13 16:13:36 R3 ppp: [L2-2] PPPoE: connection successful
Nov 13 16:13:36 R3 ppp: [L2-2] Link: UP event
Nov 13 16:13:36 R3 ppp: [L2-2] LCP: Up event
Nov 13 16:13:36 R3 ppp: [L2-2] LCP: state change Starting --> Req-Sent
Nov 13 16:13:36 R3 ppp: [L2-2] LCP: SendConfigReq #1
Nov 13 16:13:36 R3 ppp: [L2-2] PROTOCOMP
Nov 13 16:13:36 R3 ppp: [L2-2] MRU 1492
Nov 13 16:13:36 R3 ppp: [L2-2] MAGICNUM 07584b77
Nov 13 16:13:36 R3 ppp: [L2-2] LCP: rec'd Configure Request #5 (Req-Sent)
Nov 13 16:13:36 R3 ppp: [L2-2] PROTOCOMP
Nov 13 16:13:36 R3 ppp: [L2-2] MRU 1492
Nov 13 16:13:36 R3 ppp: [L2-2] MAGICNUM e238cc80
Nov 13 16:13:36 R3 ppp: [L2-2] LCP: SendConfigAck #5
Nov 13 16:13:36 R3 ppp: [L2-2] PROTOCOMP
Nov 13 16:13:36 R3 ppp: [L2-2] MRU 1492
Nov 13 16:13:36 R3 ppp: [L2-2] MAGICNUM e238cc80
Nov 13 16:13:36 R3 ppp: [L2-2] LCP: state change Req-Sent --> Ack-Sent
Nov 13 16:13:38 R3 ppp: [L2-2] LCP: SendConfigReq #2
Nov 13 16:13:38 R3 ppp: [L2-2] PROTOCOMP
Nov 13 16:13:38 R3 ppp: [L2-2] MRU 1492
Nov 13 16:13:38 R3 ppp: [L2-2] MAGICNUM 07584b77
Nov 13 16:13:38 R3 ppp: [L2-2] LCP: rec'd Configure Request #6 (Ack-Sent)
Nov 13 16:13:38 R3 ppp: [L2-2] PROTOCOMP
Nov 13 16:13:38 R3 ppp: [L2-2] MRU 1492
Nov 13 16:13:38 R3 ppp: [L2-2] MAGICNUM e238cc80
Nov 13 16:13:38 R3 ppp: [L2-2] LCP: SendConfigAck #6
Nov 13 16:13:38 R3 ppp: [L2-2] PROTOCOMP
Nov 13 16:13:38 R3 ppp: [L2-2] MRU 1492
Nov 13 16:13:38 R3 ppp: [L2-2] MAGICNUM e238cc80
Nov 13 16:13:38 R3 ppp: [L2-2] LCP: rec'd Configure Ack #2 (Ack-Sent)
Nov 13 16:13:38 R3 ppp: [L2-2] PROTOCOMP
Nov 13 16:13:38 R3 ppp: [L2-2] MRU 1492
Nov 13 16:13:38 R3 ppp: [L2-2] MAGICNUM 07584b77
Nov 13 16:13:38 R3 ppp: [L2-2] LCP: state change Ack-Sent --> Opened
Nov 13 16:13:38 R3 ppp: [L2-2] LCP: auth: peer wants nothing, I want nothing
Nov 13 16:13:38 R3 ppp: [L2-2] LCP: authorization successful
Nov 13 16:13:38 R3 ppp: [L2-2] Link: Matched action 'bundle "B" ""'
Nov 13 16:13:38 R3 ppp: [L2-2] Creating new bundle using template "B".
Nov 13 16:13:38 R3 ppp: [B-1] Bundle: Interface ng0 created
Nov 13 16:13:38 R3 ppp: [L2-2] Link: Join bundle "B-1"
Nov 13 16:13:38 R3 ppp: [B-1] Bundle: Status update: up 1 link, total bandwidth 64000 bps
Nov 13 16:13:38 R3 ppp: [B-1] IPCP: Open event
Nov 13 16:13:38 R3 ppp: [B-1] IPCP: state change Initial --> Starting
Nov 13 16:13:38 R3 ppp: [B-1] IPCP: LayerStart
Nov 13 16:13:38 R3 ppp: [B-1] IPCP: Up event
Nov 13 16:13:38 R3 ppp: [B-1] IPCP: Got IP 88.88.0.1 from pool "pool1" for peer
Nov 13 16:13:38 R3 ppp: [B-1] IPCP: state change Starting --> Req-Sent
Nov 13 16:13:38 R3 ppp: [B-1] IPCP: SendConfigReq #1
Nov 13 16:13:38 R3 ppp: [B-1] IPADDR 88.88.0.254
Nov 13 16:13:38 R3 ppp: [B-1] COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
Nov 13 16:13:38 R3 ppp: [L2-2] LCP: LayerUp
Nov 13 16:13:38 R3 ppp: [B-1] IPCP: rec'd Configure Request #5 (Req-Sent)
Nov 13 16:13:38 R3 ppp: [B-1] IPADDR 192.168.0.111
Nov 13 16:13:38 R3 ppp: [B-1] NAKing with 88.88.0.1
Nov 13 16:13:38 R3 ppp: [B-1] COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
Nov 13 16:13:38 R3 ppp: [B-1] PRIDNS 0.0.0.0
Nov 13 16:13:38 R3 ppp: [B-1] NAKing with 8.8.8.8
Nov 13 16:13:38 R3 ppp: [B-1] SECDNS 0.0.0.0
Nov 13 16:13:38 R3 ppp: [B-1] IPCP: SendConfigRej #5
Nov 13 16:13:38 R3 ppp: [B-1] SECDNS 0.0.0.0
Nov 13 16:13:38 R3 ppp: [B-1] IPCP: rec'd Configure Ack #1 (Req-Sent)
Nov 13 16:13:38 R3 ppp: [B-1] IPADDR 88.88.0.254
Nov 13 16:13:38 R3 ppp: [B-1] COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
Nov 13 16:13:38 R3 ppp: [B-1] IPCP: state change Req-Sent --> Ack-Rcvd
Nov 13 16:13:38 R3 ppp: [L2-2] RADIUS: Accounting user '' (Type: 1)
Nov 13 16:13:38 R3 ppp: [B-1] IPCP: rec'd Configure Request #6 (Ack-Rcvd)
Nov 13 16:13:38 R3 ppp: [B-1] IPADDR 192.168.0.111
Nov 13 16:13:38 R3 ppp: [B-1] NAKing with 88.88.0.1
Nov 13 16:13:38 R3 ppp: [B-1] COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
Nov 13 16:13:38 R3 ppp: [B-1] PRIDNS 0.0.0.0
Nov 13 16:13:38 R3 ppp: [B-1] NAKing with 8.8.8.8
Nov 13 16:13:38 R3 ppp: [B-1] IPCP: SendConfigNak #6
Nov 13 16:13:38 R3 ppp: [B-1] IPADDR 88.88.0.1
Nov 13 16:13:38 R3 ppp: [B-1] PRIDNS 8.8.8.8
Nov 13 16:13:38 R3 ppp: [B-1] IPCP: rec'd Configure Request #7 (Ack-Rcvd)
Nov 13 16:13:38 R3 ppp: [B-1] IPADDR 88.88.0.1
Nov 13 16:13:38 R3 ppp: [B-1] 88.88.0.1 is OK
Nov 13 16:13:38 R3 ppp: [B-1] COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
Nov 13 16:13:38 R3 ppp: [B-1] PRIDNS 8.8.8.8
Nov 13 16:13:38 R3 ppp: [B-1] IPCP: SendConfigAck #7
Nov 13 16:13:38 R3 ppp: [B-1] IPADDR 88.88.0.1
Nov 13 16:13:38 R3 ppp: [B-1] COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
Nov 13 16:13:38 R3 ppp: [B-1] PRIDNS 8.8.8.8
Nov 13 16:13:38 R3 ppp: [B-1] IPCP: state change Ack-Rcvd --> Opened
Nov 13 16:13:38 R3 ppp: [B-1] IPCP: LayerUp
Nov 13 16:13:38 R3 ppp: [B-1] 88.88.0.254 -> 88.88.0.1
Nov 13 16:13:39 R3 ppp: [B-1] IFACE: Up event
Nov 13 16:13:54 R3 ppp: [L2-2] RADIUS: rad_send_request for user '' failed: No valid RADIUS responses received
Why is this happening?
Also, there's a strange log error in R3 server (config is above):
Nov 13 16:59:56 R3 ppp: [L2-1] rec'd unexpected protocol IP
I'm awfully sorry, it was my mistake, I was thinking setting radius auth was enough, but I also had to enable pap on the pppoe link. Now I correctly can't auth, since RADIUS is down. But another very bad thing happened. As I was saying, R1 is unable to login because RADIUS is down. But I simply configured the interface on R1 manually:
ifconfig ng0 88.88.0.1 88.88.0.254
and I could now ping 88.88.0.254 and even ssh to it.
Why is this happening?
Last edit: rihad 2013-11-13
Again my fault, assigning arbitrary addresses on the ng0 link (which got added as secondary addresses, alongside with PPP ones) was possible, but communication only took place after I logged in, otherwise packets are discarded.
So the only problem now is this strange error on R3 at auth time:
Nov 13 16:59:56 R3 ppp: [L2-1] rec'd unexpected protocol IP
L2 is configured as:
create link template L2 pppoe set link action bundle B set pppoe iface em1 set link enable pap set link enable incomingMy guess is that that error occurs when MPD receives the ping request from R1 that I use to trigger dial-on-demand. Is this the case?
Last edit: rihad 2013-11-13