Fine tune commit 39a9eb807ade35cf60edc6f2e209ed74ba1d262f
|
|
This patch introduces nas-port-id-in-req switch to disable sending
NAS-Port-Id attribute in radauth and radacct messages. New switch
might be useful if radius server cannot properly handle this
attribute.
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
|
|
Netlink buffers may overflow so it might be useful to increase send and receive
netlink buffer sizes.
Two parameters to [common] configuration section added: nl-rcv-buffer,
nl-snd-buffer.
It is required to set (sysctl) net.core.wmem_max>=nl-snd-buffer and
net.core.rmem_max>=nl-rcv-buffer before running accel-pppd
To check current netlink buffer size and related info use the following command:
% ss -f netlink -m
0 0 rtnl:kernel * skmem:(r0,rb212992,t0,tb212992,f0,w0,o0,bl0,d0)
0 0 rtnl:-1140221812 * skmem:(r0,rb2048000,t0,tb80000,f0,w0,o0,bl0,d0)
0 0 rtnl:accel-pppd/14285 * skmem:(r0,rb2048000,t0,tb65536,f0,w0,o0,bl0,d0)
...
(Please check man ss to get the meaning for r,rb,t,tb,f,w,o,bl and d params)
In the ss output you will see the values doubled from configured.
First accel-pppd netlink socket will use default values (rcv=1048576, snd=32768)
regardless of configured nl-rcv-buffer and nl-snd-buffer values.
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
|
|
refer #6 for more details.
|
|
usually there's no need to have per-proto limitation, since the need
of max starting limitation affects the whole server, not particular
protocol only.
|
|
sessions)"
This reverts commit 02008c74a19c538ff7d9ce643c8cd4c738886196.
|
|
sessions)"
This reverts commit 61862862a9fa24db4f16c24db1aed1f1a5f0be19.
|
|
Add named ipv6 pools support
|
|
also, disable ipv6 pools via chap-secrets, need to find another
syntax for it, may be with comments.
|
|
default stateful ipv6 address & prefix radius attrs are per-rfc6911:
171 Delegated-IPv6-Prefix-Pool
172 Stateful-IPv6-Address-Pool
the single pool name from chap-secret file pool is shared for
ipv4/ipv6/ipv6 dp, new config syntax TBD.
per-proto pool names are still for ipv4 only, new config syntax TBD.
|
|
If multisession behavior is managed by accel-ppp and Radius server
ignores the case of the User-Name attribute, it might be required to
ignore the case in accel-ppp to prevent multiple sessions with
different letter cases.
|
|
sstp: implement ssl-protocol option and add unsupported features logging
|
|
possible protocols are ssl2, ssl3, tls1, tls1.1, tls1.2 and tls1.3,
but support does depend on openssl library.
defaults are up to openssl library w/o ssl2/ssl3.
|
|
sstp: ipv6/unix sock & proxy protocol support
|
|
currently the only ssl value is supported
|
|
if not set, fallback to private key in the same ssl-pemfile
|
|
Warning: config options are changed aligned with general accel-ppp style.
Following cases, including no-openssl build are supported:
ssl        | ssl-pemfile | behavior
1          | set         | get both sha1 & sha256 from the certificate
0          | set         | get both sha1 & sha256 from the certificate
0          | unset       | use cert-hash-sha1 and/or cert-hash-sha256 hex options
no-openssl |             | use cert-hash-sha1 and/or cert-hash-sha256 hex options
cert-hash-sha1 and/or cert-hash-sha256 hex options override certificate's,
so it's possible to turn certificate hash verification off with just empty
values (default).
|
|
new config options:
[ipoe]
weight=N - global weight
interface=ethX,weight=N - per-interface weight
How it works:
On reception of DHCPDISCOVER accel-ppp sends broadcast DHCP message to port 67 with same xid and add special vendor-specific option
where encodes its current session count multiplied by weight.
On reception of such message accel-ppp searches session with same xid and compares weight.
If received weight is less than session's weight then it terminates this session.
per-interface weight=0 has special meaning as backup (fail-over) interface, f.e. it terminates session on any received weight.
By default weight based load balancing is disabled.
To enable need to specify global or/and per-interface weight.
|
|
If pool specified with /128 prefix length, then initialize intf_id by gw_ip6_address and peer_intf_id by generated pool address.
|
|
config changes:
[ip-pool]
x.x.x.x/mask,name=pool1
y.y.y.y/mask,name=pool2,next=pool1
|
|
Reuse existing radius functionality and allow setting interface name
template for pppoe/pptp/l2tp, '%d' specification will be replaced
automagically to the next available index by kernel.
PPP interface rename allows to easily differ client's interfaces from
the other ppp ones, for example, with just netfilter interface rules.
Example:
[pptp]
ifname=pptp%d will produce pptp0, pptp1, ...
|
|
default value for renew-time fixed
|
|
[pppd-compat]
fork-limit=N
Specifies number of simultaneously running background processes.
|
|
introduced new config option:
[ipoe]
vendor=Name
this affects all attributes specified in attr-xxx options
|
|
new config option:
[common]
max-sessions=N
If set then accel-pppd stops replying to new connection requests if the total number of sessions (active and starting) has reached the specified limit.
|
|
This reverts commit 88a908974b0b2e9c7eee8ad9a8b0b4432e95d167.
|
|
new config option:
[common]
max-sessions=N
If set then accel-pppd stops replying to new connection requests if the total number of sessions (active and starting) has reached the specified limit.
|
|
This reverts commit 9ea88bac7d5bf8fc5cf2d5f7d0a734ec7a9e6df6.
|
|
new config option:
[common]
max-sessions=N
If set then accel-pppd stops replying to new connection requests if the total number of sessions (active and starting) has reached the specified limit.
|