From 27928236fcd67a0d710e163d7a3cb381a7f700c1 Mon Sep 17 00:00:00 2001 From: Viacheslav Hletenko Date: Fri, 17 Feb 2023 10:35:49 +0000 Subject: T5005: PPPoE server allow any login with option noauth Disabling authentication is useful in emergency situations (e.g. RADIUS server is down) or testing purposes. Clients can connect with any login and username. set service pppoe-server authentication mode 'noauth' --- data/templates/accel-ppp/pppoe.config.j2 | 10 ++++++++- .../include/accel-ppp/auth-mode.xml.i | 8 ++++++-- interface-definitions/service-ipoe-server.xml.in | 24 +--------------------- 3 files changed, 16 insertions(+), 26 deletions(-) diff --git a/data/templates/accel-ppp/pppoe.config.j2 b/data/templates/accel-ppp/pppoe.config.j2 index 811c4ccc0..dd53edd28 100644 --- a/data/templates/accel-ppp/pppoe.config.j2 +++ b/data/templates/accel-ppp/pppoe.config.j2 @@ -30,6 +30,11 @@ syslog=accel-pppoe,daemon copy=1 level=5 +{% if authentication.mode is vyos_defined("noauth") %} +[auth] +noauth=1 +{% endif %} + {% if snmp.master_agent is vyos_defined %} [snmp] master=1 @@ -133,7 +138,10 @@ pado-delay={{ pado_delay_param.value }} called-sid={{ authentication.radius.called_sid_format }} {% endif %} -{% if authentication.mode is vyos_defined("local") %} +{% if authentication.mode is vyos_defined("local") or authentication.mode is vyos_defined("noauth") %} +{% if authentication.mode is vyos_defined("noauth") %} +noauth=1 +{% endif %} {% if client_ip_pool.name is vyos_defined %} {% for pool, pool_config in client_ip_pool.name.items() %} {% if pool_config.subnet is vyos_defined %} diff --git a/interface-definitions/include/accel-ppp/auth-mode.xml.i b/interface-definitions/include/accel-ppp/auth-mode.xml.i index c1a87cfe3..ccaed6f04 100644 --- a/interface-definitions/include/accel-ppp/auth-mode.xml.i +++ b/interface-definitions/include/accel-ppp/auth-mode.xml.i @@ -10,11 +10,15 @@ radius Use RADIUS server for user autentication + + noauth + Authentication disabled + - (local|radius) + (local|radius|noauth) - local radius + local radius noauth local diff --git a/interface-definitions/service-ipoe-server.xml.in b/interface-definitions/service-ipoe-server.xml.in index ca4929249..ebe99d3aa 100644 --- a/interface-definitions/service-ipoe-server.xml.in +++ b/interface-definitions/service-ipoe-server.xml.in @@ -117,29 +117,7 @@ Client authentication methods - - - Authetication mode - - local radius noauth - - - (local|radius|noauth) - - - local - Authentication based on local definition - - - radius - Authentication based on a RADIUS server - - - noauth - Authentication disabled - - - + #include Network interface for client MAC addresses -- cgit v1.2.3