welterde/l2tpns
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add MessageAuthenticator support

Browse source 
To address RadiusBLAST vulnerability.

Fixes #16
This commit is contained in:
Samuel Thibault 2024-10-19 22:31:59 +02:00
parent 42ef80e0b4
commit cc012e18fa
8 changed files with 149 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

12
docs/src/html/manual.md
View file

@ -203,6 +203,18 @@ should be set by a line like: set configstring \"value\" set ipaddress
: This secret will be used in all RADIUS queries. If this is not set
then RADIUS queries will fail.
`radius_require_message_authenticator` (string)
: If set to true, RADIUS answers to AccessRequests will have to contain
a valid MessageAuthenticator.
If set to auto (default), if the first RADIUS answer to AccessRequests
contains a valid MessageAuthenticator, subsequent answers will have to
contain one.
If set to no (not recommended), RADIUS answers to AccessRequests do not have
to contain a valid MessageAuthenticator.
It is advised to set this to true after checking that your RADIUS server
does send MessageAuthenticator.
`radius_authtypes` (string)
: A comma separated list of supported RADIUS authentication methods