#43 L2TP Tunnel Switching Enhancements - Proxy authentication

open
nobody
None
5
2011-01-17
2011-01-17
Anonymous
No

This patch contains 2 enhancements to support operation of mpd 5.5 as an L2TP Tunnel Switch (LTS).

Primarily, it adds proxy CHAP authentication. If an incoming L2TP session provides proxy authentication attributes (and you have specified "set l2tp enable proxychap"), then MPD will use these to perform authentication before LCP is started. If the authentication method (e.g. RADIUS server) returns a repeater action then the session will be forwarded immediately without MPD needing to perform any LCP negotiation. If the authentication fails or does not yield a 'forward' or 'drop' action then local LCP negotiation and authentication will occur.

Secondly, this patch ensures that the RX and TX connect speed information provided by the LAC for an incoming L2TP session is forwarded on when MPD repeats this session to another L2TP session.
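
The decision flow described above, as an added Python example that is not the patch's or mpd's own code: it checks a proxied CHAP response per RFC 1994 using the RFC 2661 proxy-authentication AVPs. The `users` table standing in for the authentication backend, the function names and the sample values are assumptions.

```python
import hashlib
import hmac

# L2TP AVP attribute types from RFC 2661 (proxy-authentication AVPs in ICCN).
PROXY_AUTHEN_TYPE, PROXY_AUTHEN_NAME = 29, 30
PROXY_AUTHEN_CHALLENGE, PROXY_AUTHEN_ID, PROXY_AUTHEN_RESPONSE = 31, 32, 33
AUTHEN_TYPE_CHAP = 2  # Proxy Authen Type value for PPP CHAP

def chap_md5(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP response: MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def proxy_chap_decision(avps: dict, proxychap_enabled: bool, users: dict) -> str:
    """Return 'forward', 'drop' or 'local-lcp' for an incoming session.
    `users` is a hypothetical stand-in for the auth backend (e.g. RADIUS):
    name -> (shared secret, action or None)."""
    needed = (PROXY_AUTHEN_NAME, PROXY_AUTHEN_CHALLENGE,
              PROXY_AUTHEN_ID, PROXY_AUTHEN_RESPONSE)
    if (not proxychap_enabled
            or avps.get(PROXY_AUTHEN_TYPE) != AUTHEN_TYPE_CHAP
            or any(k not in avps for k in needed)):
        return "local-lcp"          # nothing usable was proxied
    entry = users.get(avps[PROXY_AUTHEN_NAME])
    if entry is None:
        return "local-lcp"          # unknown user: authentication failed
    secret, action = entry
    ident = avps[PROXY_AUTHEN_ID] & 0xFF   # AVP is 2 octets, ID in the low one
    expected = chap_md5(ident, secret, avps[PROXY_AUTHEN_CHALLENGE])
    # Constant-time compare. The challenge was chosen by the LAC, not by us,
    # so a match only proves the response fits the LAC-supplied values.
    if not hmac.compare_digest(expected, avps[PROXY_AUTHEN_RESPONSE]):
        return "local-lcp"          # failed: fall back to local LCP and auth
    return action if action in ("forward", "drop") else "local-lcp"

# Constructed sample data (not from the patch).
USERS = {"alice": (b"s3cret", "forward"), "bob": (b"hunter2", None)}
CHALLENGE = bytes(range(16))

def sample_avps(name: str, secret: bytes, ident: int = 7) -> dict:
    """Build the AVPs a LAC would send after running CHAP with the client."""
    return {PROXY_AUTHEN_TYPE: AUTHEN_TYPE_CHAP, PROXY_AUTHEN_NAME: name,
            PROXY_AUTHEN_CHALLENGE: CHALLENGE, PROXY_AUTHEN_ID: ident,
            PROXY_AUTHEN_RESPONSE: chap_md5(ident, secret, CHALLENGE)}

if __name__ == "__main__":
    print(proxy_chap_decision(sample_avps("alice", b"s3cret"), True, USERS))
    print(proxy_chap_decision(sample_avps("alice", b"wrong"), True, USERS))
```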

Discussion

  • Anonymous
    2011-01-17

    Add L2TP Proxy CHAP authentication and connection speed reporting

     
  • I would very much like to have an L2TP auth proxy in mpd, but I don't like this specific implementation. Calling auth from the physical layer is IMHO not good. Specific tuning only for CHAP is also not good. The perfect solution, I suppose, would be passing the auth information up to the LCP layer (making it accessible in some form) so that it is handled in the regular way.