Add MessageAuthenticator support

To address RadiusBLAST vulnerability.

Fixes #16
Samuel Thibault 2024-10-19 22:31:59 +02:00
parent 42ef80e0b4
commit cc012e18fa
8 changed files with 149 additions and 2 deletions

@ -1,4 +1,4 @@
.\" Automatically generated by Pandoc 3.0.1
.\" Automatically generated by Pandoc 3.1.3
.\"
.\" Define V font for inline verbatim, using C font in formats
.\" that render this, and otherwise B font.
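Review bot: the header in this hunk marks the man page as automatically generated by Pandoc, so the new option text should be written in the source document and the page regenerated from it, not edited here by hand. The generator line moving from Pandoc 3.0.1 to 3.1.3 is regeneration churn unrelated to the feature; consider committing it separately or noting the required Pandoc version so later diffs of this file stay small.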
@ -360,6 +360,18 @@ RADIUS interim accounting records (in seconds).
This secret will be used in all RADIUS queries.
If this is not set then RADIUS queries will fail.
.PP
\f[B]radius_require_message_authenticator\f[R] (string)
.PP
If set to true, RADIUS answers to AccessRequests will have to contain a
valid MessageAuthenticator.
If set to auto (default), if the first RADIUS answer to AccessRequests
contains a valid MessageAuthenticator, subsequent answers will have to
contain one.
If set to no (not recommended), RADIUS answers to AccessRequests do not
have to contain a valid MessageAuthenticator.
It is advised to set this to true after checking that your RADIUS server
does send MessageAuthenticator.
.PP
\f[B]radius_authtypes\f[R] (string)
.PP
A comma separated list of supported RADIUS authentication methods
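Review bot: the "auto" paragraph does not say what happens when the first RADIUS answer lacks a valid MessageAuthenticator. As worded, enforcement only starts after a valid one has been seen, so the text should state that "auto" gives no protection until then, and whether that remembered state survives a restart or is kept per server. The value names are also inconsistent: the enforcing setting is called "true" while the disabling one is called "no", and the type is given only as "(string)". List the exact accepted values in one place and use one naming scheme throughout. Finally, the attribute is written "MessageAuthenticator" here, while the RADIUS attribute is named Message-Authenticator; using the hyphenated name would make it easier to match against the RADIUS server's own documentation when following the advice in the last sentence.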