<feed xmlns='http://www.w3.org/2005/Atom'>
<title>accel-ppp.git/accel-pppd/radius, branch 1.14.0</title>
<subtitle>High performance PPTP/L2TP/SSTP/PPPoE/IPoE server for Linux (mirror of https://github.com/accel-ppp/accel-ppp.git)
</subtitle>
<id>https://git.amelek.net/accel-ppp/accel-ppp.git/atom?h=1.14.0</id>
<link rel='self' href='https://git.amelek.net/accel-ppp/accel-ppp.git/atom?h=1.14.0'/>
<link rel='alternate' type='text/html' href='https://git.amelek.net/accel-ppp/accel-ppp.git/'/>
<updated>2026-01-24T16:20:37+00:00</updated>
<entry>
<title>dae-allowed: Remove nagging about making option mandatory</title>
<updated>2026-01-24T16:20:37+00:00</updated>
<author>
<name>Denys Fedoryshchenko</name>
<email>denys.f@collabora.com</email>
</author>
<published>2026-01-24T16:20:37+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/accel-ppp/accel-ppp.git/commit/?id=1addd77cf73bef943175648d534cce2e1a66497f'/>
<id>urn:sha1:1addd77cf73bef943175648d534cce2e1a66497f</id>
<content type='text'>
Signed-off-by: Denys Fedoryshchenko &lt;denys.f@collabora.com&gt;
</content>
</entry>
<entry>
<title>radius: Implement DM/CoA security hardening by restricting source ip addresses</title>
<updated>2025-12-22T22:48:30+00:00</updated>
<author>
<name>Denys Fedoryshchenko</name>
<email>denys.f@collabora.com</email>
</author>
<published>2025-12-21T08:44:22+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/accel-ppp/accel-ppp.git/commit/?id=2550fe6cd9de9734cbc41179931fd029d8d132d6'/>
<id>urn:sha1:2550fe6cd9de9734cbc41179931fd029d8d132d6</id>
<content type='text'>
Signed-off-by: Denys Fedoryshchenko &lt;denys.f@collabora.com&gt;
</content>
</entry>
<entry>
<title>fix(radius): refresh session stats in req_set_stat</title>
<updated>2025-12-15T20:49:18+00:00</updated>
<author>
<name>Denys Fedoryshchenko</name>
<email>denys.f@collabora.com</email>
</author>
<published>2025-12-15T19:54:52+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/accel-ppp/accel-ppp.git/commit/?id=179a36695c7a3880041ead1c7c421f9d3ed6462f'/>
<id>urn:sha1:179a36695c7a3880041ead1c7c421f9d3ed6462f</id>
<content type='text'>
Signed-off-by: Denys Fedoryshchenko &lt;denys.f@collabora.com&gt;
</content>
</entry>
<entry>
<title>Merge pull request #279 from nuclearcat/fix-acct</title>
<updated>2025-12-13T15:06:13+00:00</updated>
<author>
<name>Denys Fedoryshchenko</name>
<email>denys.f@collabora.com</email>
</author>
<published>2025-12-13T15:06:13+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/accel-ppp/accel-ppp.git/commit/?id=2e13b0ccfb3b87955ec1cb141435575d87a09570'/>
<id>urn:sha1:2e13b0ccfb3b87955ec1cb141435575d87a09570</id>
<content type='text'>
acct: Fix losing some data on interface down due wrong sequence</content>
</entry>
<entry>
<title>fix(accounting): preserve last counters on disconnect</title>
<updated>2025-12-13T13:40:59+00:00</updated>
<author>
<name>Dmitriy Eshenko</name>
<email>dmitriy.eshenko@accel-ppp.org</email>
</author>
<published>2025-12-13T13:38:16+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/accel-ppp/accel-ppp.git/commit/?id=8c8ddabc22a523fb129e422baa025d720c3b455b'/>
<id>urn:sha1:8c8ddabc22a523fb129e422baa025d720c3b455b</id>
<content type='text'>
Ensure accounting values include the most recent traffic sample when a session disconnects,
preventing the final interval from being dropped and avoiding under-reported totals in usage/billing.

Big thanks Dmitriy Eshenko for patch and testing

Author: Dmitriy Eshenko &lt;dmitriy.eshenko@accel-ppp.org&gt;
Signed-off-by: Denys Fedoryshchenko &lt;denys.f@collabora.com&gt;
</content>
</entry>
<entry>
<title>crypto: Removed internal tomcat crypto.</title>
<updated>2025-12-10T17:16:42+00:00</updated>
<author>
<name>Andrii Melnychenko</name>
<email>a.melnychenko@vyos.io</email>
</author>
<published>2025-09-29T16:14:48+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/accel-ppp/accel-ppp.git/commit/?id=c912d09018828745e3bcba268cd02a611e324d54'/>
<id>urn:sha1:c912d09018828745e3bcba268cd02a611e324d54</id>
<content type='text'>
Signed-off-by: Andrii Melnychenko &lt;a.melnychenko@vyos.io&gt;
</content>
</entry>
<entry>
<title>Merge pull request #267 from nuclearcat/fix-ssl-warnings</title>
<updated>2025-11-28T06:39:54+00:00</updated>
<author>
<name>Denys Fedoryshchenko</name>
<email>denys.f@collabora.com</email>
</author>
<published>2025-11-28T06:39:54+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/accel-ppp/accel-ppp.git/commit/?id=ac31c84a36c069c90e37ab28a9e980c0749b2b37'/>
<id>urn:sha1:ac31c84a36c069c90e37ab28a9e980c0749b2b37</id>
<content type='text'>
Suppress OpenSSL 3.0 deprecation warnings for legacy crypto APIs</content>
</entry>
<entry>
<title>fixup! Add RADIUS blast attack protection with Message-Authenticator</title>
<updated>2025-11-26T18:29:52+00:00</updated>
<author>
<name>Denys Fedoryshchenko</name>
<email>denys.f@collabora.com</email>
</author>
<published>2025-11-26T18:28:49+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/accel-ppp/accel-ppp.git/commit/?id=92110f9f3c9473de3d32bdc6202abb47315d41e7'/>
<id>urn:sha1:92110f9f3c9473de3d32bdc6202abb47315d41e7</id>
<content type='text'>
Not a bug, but to supress warnings.

Signed-off-by: Denys Fedoryshchenko &lt;denys.f@collabora.com&gt;
</content>
</entry>
<entry>
<title>Suppress OpenSSL 3.0 deprecation warnings for legacy crypto APIs</title>
<updated>2025-11-26T18:23:38+00:00</updated>
<author>
<name>Denys Fedoryshchenko</name>
<email>denys.f@collabora.com</email>
</author>
<published>2025-11-26T18:22:26+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/accel-ppp/accel-ppp.git/commit/?id=f03dc39ae891d20e56d7acd764a9b5764a8a2fef'/>
<id>urn:sha1:f03dc39ae891d20e56d7acd764a9b5764a8a2fef</id>
<content type='text'>
We are using similar approach as in other projects, easiest one,
but probably in future it will break as soon as this functions
will be removed completely.

Signed-off-by: Denys Fedoryshchenko &lt;denys.f@collabora.com&gt;
</content>
</entry>
<entry>
<title>Add RADIUS blast attack protection with Message-Authenticator</title>
<updated>2025-07-01T11:32:13+00:00</updated>
<author>
<name>Denys Fedoryshchenko</name>
<email>denys.f@collabora.com</email>
</author>
<published>2025-06-25T19:31:08+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/accel-ppp/accel-ppp.git/commit/?id=1ce263f13ac0b3aed3b14b4a9bb6a51afe210684'/>
<id>urn:sha1:1ce263f13ac0b3aed3b14b4a9bb6a51afe210684</id>
<content type='text'>
Recently FreeRadius started to complain accel-ppp doesn't pass
BlastRADIUS check. This commit fixes that.

This commit implements protection against RADIUS blast attacks
by adding support for the Message-Authenticator attribute in
Access-Request packets. This security enhancement helps
prevent unauthorized access attempts and replay attacks
on RADIUS authentication.

- Added new configuration option `blast-protection=1`
  in [radius] to enable Message-Authenticator inclusion
- Implemented HMAC-MD5 calculation for
  Message-Authenticator attribute (RFC 2869)
- Modified packet building to include 18-byte Message-Authenticator
  attribute when enabled
- Updated packet structure to support signing with shared secret

Enable blast protection by adding to the `[radius]` section:
```
blast-protection=1
```

When enabled, all Access-Request packets will include a
Message-Authenticator attribute with HMAC-MD5 signature,
providing cryptographic integrity verification and protection
against packet modification attacks.

Signed-off-by: Denys Fedoryshchenko &lt;denys.f@collabora.com&gt;
</content>
</entry>
</feed>
