Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

L2TP Proxy Authentication AVPs ignored #154

Open
SoerenBusse opened this issue Feb 14, 2023 · 1 comment
Open

L2TP Proxy Authentication AVPs ignored #154

SoerenBusse opened this issue Feb 14, 2023 · 1 comment
Assignees
@GIC-de
Labels
enhancement New feature or request l2tp L2TPv2 medium Medium priority

Comments

@SoerenBusse
Copy link

SoerenBusse commented Feb 14, 2023
edited
Loading

Describe the bug

When using L2TP Proxy authentication, my assumption would be that BNG-Blaster immediately replies with a PPP CHAP or PPP PAP Success message and validates the Proxy Authen AVPs after sending the ZLB. Instead, BNG-Blaster doesn't send anything and waits for the Access PPP-Client to send another PAP Authentication Request or CHAP Challenge Response, because it hasn't received anything within it's timeout interval. While it works, this makes session setup rate very slow and is from my point of view not the correct behaviour.

BNGBlaster-L2TP-PAP

To Reproduce

Version (bngblaster -v):

Version: DEV
Compiler: GNU (11.3.0)
GIT:
  REF: release-0.8.13
  SHA: 2c5bf6857d7be26fe071883c8d1686b1f4d91c29
IO Modes: packet_mmap_raw (default), packet_mmap, raw, dpdk

JSON configuration:

{
  "interfaces": {
    "network": {
      "interface": "enp1s0f1np1",
      "address": "10.189.214.2",
      "gateway": "10.189.214.1"
    },
    "access": [
      {
        "interface": "enp1s0f0np0",
        "outer-vlan-min": 109,
        "outer-vlan-max": 109,
        "inner-vlan-min": 7,
        "inner-vlan-max": 7,
        "qinq": true,
        "authentication-protocol": "CHAP"
      }
    ]
  },
  "pppoe": {
    "reconnect": true,
    "discovery-timeout": 3,
    "discovery-retry": 10
  },
  "ppp": {
    "mru": 1492,
    "authentication": {
      "username": "lac",
      "password": "password",
      "timeout": 1,
      "retry": 60
    },
    "lcp": {
      "conf-request-timeout": 5,
      "conf-request-retry": 30,
      "keepalive-interval": 30,
      "keepalive-retry": 3
    },
    "ipcp": {
      "enable": true
    },
    "ip6cp": {
      "enable": true
    }
  },
  "l2tp-server": [
    {
      "name": "LNS1",
      "address": "10.189.214.2",
      "secret": "bngblaster",
      "receive-window-size": 8
    }
  ],
  "session-traffic": {
    "autostart": true,
    "ipv4-pps": 1
  }
}

Steps to reproduce the behavior:

  1. Run BNG-Blaster using the above configuration with a LAC using Proxy Authentication

Expected behavior

I would expect an immediate Authenticate-Ack without a second Authenticate-Request like O2's L3BSA using Telekom Wholebuy, captured on a customer connection, so the session setup is done very fast:

O2-Capture

Screenshots

If applicable, add screenshots to help explain your problem.

Additional context

Add any other context about the problem here.
@SoerenBusse SoerenBusse added the bug Something isn't working label Feb 14, 2023
@GIC-de GIC-de added enhancement New feature or request medium Medium priority l2tp L2TPv2 and removed bug Something isn't working labels Feb 14, 2023
@GIC-de
Copy link
Member

GIC-de commented Feb 14, 2023

Proxy authentication is optional and currently not supported in the BNG Blaster. I will consider this as a feature request to add proxy authentication support.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@GIC-de GIC-de

Labels
enhancement New feature or request l2tp L2TPv2 medium Medium priority
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@GIC-de @SoerenBusse