| Age | Commit message (Collapse) | Author |
|---|
|
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
|
|
|
|
Use the following configuration to enable clsact up and down limiters:
[shaper]
up-limiter=police
down-limiter=clsact
It is also recommended to set down-burst-factor=1.0
How to check current configuration in Linux:
tc qdisc show dev ppp0
tc filter show dev ppp0 egress
tc filter show dev ppp0 ingress
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
|
|
Co-authored-by: Peter Adam <p.adam@cygnusnetworks.de>
|
|
show sessions command
|
|
Add information about link-selection ipoe option in accel-ppp.conf man.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
|
|
DHCP "agent remote id" sub-option 2 of option 82 can already be
configured with [ipoe] / "agent-remote-id". However, it is not
documented.
Add information about agent-remote-id in accel-ppp.conf man.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
|
|
|
|
T60: Implement configurable session-timeout param for all connection …
|
|
|
|
Fine tune commit 39a9eb807ade35cf60edc6f2e209ed74ba1d262f
|
|
|
|
This patch introduces nas-port-id-in-req switch to disable sending
NAS-Port-Id attribute in radauth and radacct messages. New switch
might be useful if radius server cannot properly handle this
attrubite.
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
|
|
|
|
Netlink buffers may overflow so it might be useful to increase send and receive
netlink buffer sizes.
Two parameters to [common] configuration section added: nl-rcv-buffer,
nl-snd-buffer.
It is required to set (sysctl) net.core.wmem_max>=nl-snd-buffer and
net.core.rmem_max>=nl-rcv-buffer before running accel-pppd
To check current netlink buffer size and related info use the following command:
% ss -f netlink -m
0 0 rtnl:kernel * skmem:(r0,rb212992,t0,tb212992,f0,w0,o0,bl0,d0)
0 0 rtnl:-1140221812 * skmem:(r0,rb2048000,t0,tb80000,f0,w0,o0,bl0,d0)
0 0 rtnl:accel-pppd/14285 * skmem:(r0,rb2048000,t0,tb65536,f0,w0,o0,bl0,d0)
...
(Please check man ss to get the meaning for r,rb,t,tb,f,w,o,bl and d params)
In the ss output you will see the values doubled from configured.
First accel-pppd netlink socket will use default values (rcv=1048576, snd=32768)
regardless of configured nl-rcv-buffer and nl-snd-buffer values.
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
|
|
|
|
|
|
refer #6 for modre details.
|
|
|
|
usually there's no need to have per-proto limitation, since the need
of max starting limitation affects the whole server, not particular
protocol only.
|
|
|
|
default stateful ipv6 address & prefix radius attrs are per-rfc6911:
171 Delegated-IPv6-Prefix-Pool
172 Stateful-IPv6-Address-Pool
the single pool name from chap-secret file pool is shared for
ipv4/ipv6/ipv6 dp, new config syntax TBD.
per-proto pool names are still for ipv4 only, new config syntax TBD.
|
|
If multisession behavior is managed by accel-ppp and Radius server
ignores the case of the User-Name attribute, it might be required to
ignore the case in accel-ppp to prevent multiple session with
different letter cases.
|
|
let check-ip setting from [ppp]/[ipoe] sections has prio over [common]
for compatibility with older configs.
|
|
sstp: implement ssl-protocol option and add unsupported features logging
|
|
|
|
|
|
possible protocols are ssl2, ssl3, tls1, tls1.1, tls1.2 and tls1.3,
but support does depend on openssl library.
defaults are up to openssl library w/o ssl2/ssl3.
|
|
|
|
Add info [ipoe]session-timeout and [ipoe]idle-timeout to accel-ppp.conf.5
|
|
Add info [modules]connlimit to accel-ppp.conf.5
|
|
Fix: ipv6-dns accel-ppp.conf.5
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
following bind option formats are valid:
bind=x.x.x.x
bind=2001:db8::1
bind=unix:/var/run/sstp.socket
bind=unix:@sstp
port option is meaningful for ipv4 and ipv6 only
|
|
currently the only ssl value is supported
|
|
|
|
|
|
new config options:
[ipoe]
weight=N - global weight
interface=ethX,weight=N - per-interface weight
How it works:
On reception of DHCPDISCOVER accel-ppp sends broadcast DHCP message to port 67 with same xid and add special vendor-specific option
where encodes its current session count multipled by weight.
On reception of such message accel-ppp searches session with same xid and compares weight.
If received weight is less than session's weight then it terminates this session.
per-interface weight=0 has special meaning as backup (fail-over) interface, f.e. it terminates session on any received weight.
By default weight based load balancing is disabled.
To enable need to specify global or/and per-interface weight.
|
|
If pool specified with /128 prefix length, then initialize intf_id by gw_ip6_address and peer_intf_id by generated pool address.
|
