From 1addd77cf73bef943175648d534cce2e1a66497f Mon Sep 17 00:00:00 2001 From: Denys Fedoryshchenko Date: Sat, 24 Jan 2026 18:20:37 +0200 Subject: dae-allowed: Remove nagging about making option mandatory Signed-off-by: Denys Fedoryshchenko --- accel-pppd/accel-ppp.conf | 1 + accel-pppd/accel-ppp.conf.5 | 1 + accel-pppd/radius/radius.c | 6 ------ 3 files changed, 2 insertions(+), 6 deletions(-) diff --git a/accel-pppd/accel-ppp.conf b/accel-pppd/accel-ppp.conf index a7f66e5e..a812c547 100644 --- a/accel-pppd/accel-ppp.conf +++ b/accel-pppd/accel-ppp.conf @@ -215,6 +215,7 @@ gw-ip-address=192.168.100.1 server=127.0.0.1,testing123,auth-port=1812,acct-port=1813,req-limit=50,fail-timeout=0,max-fail=10,weight=1 dae-server=127.0.0.1:3799,testing123 #dae-allowed=127.0.0.1,192.0.2.0/24 +#dae-allowed is generally recommended to restrict DM/CoA sources, but not required. verbose=1 #timeout=3 #max-try=3 diff --git a/accel-pppd/accel-ppp.conf.5 b/accel-pppd/accel-ppp.conf.5 index 9339d030..3b56b3cf 100644 --- a/accel-pppd/accel-ppp.conf.5 +++ b/accel-pppd/accel-ppp.conf.5 @@ -1031,6 +1031,7 @@ Specifies IP address, port to bind and secret for Dynamic Authorization Extensio .TP .BI "dae-allowed=" ip[,ip/cidr][,ip[/cidr]...] Specifies allowed source IPv4 addresses or CIDR ranges for DM/CoA requests. +This setting is generally recommended to restrict DM/CoA sources, but it is not required. .br .TP .BI "dm_coa_secret=" secret (deprecated, use dae-server instead) diff --git a/accel-pppd/radius/radius.c b/accel-pppd/radius/radius.c index 1ef27f6d..8dbbe1cd 100644 --- a/accel-pppd/radius/radius.c +++ b/accel-pppd/radius/radius.c @@ -1236,12 +1236,6 @@ static int load_config(void) dae_allow_clear(); } - if (conf_dm_coa_secret && !dae_allow_ranges) { - if (dae_allowed_present) - log_warn("radius: dae-server configured without a valid dae-allowed list; this will become mandatory\n"); - else - log_warn("radius: dae-server configured without dae-allowed; this will become mandatory\n"); - } dae_allow_unlock: pthread_rwlock_unlock(&dae_allow_lock); if (parse_rc) -- cgit v1.2.3