Add MessageAuthenticator support

To address RadiusBLAST vulnerability.

Fixes #16
Samuel Thibault 2024-10-19 22:31:59 +02:00
parent 42ef80e0b4
commit cc012e18fa
8 changed files with 149 additions and 2 deletions

@ -215,6 +215,18 @@ The following `variables` may be set:
This secret will be used in all RADIUS queries. If this is not set then RADIUS queries will fail.
**radius\_require\_message\_authenticator** (string)
If set to true, RADIUS answers to AccessRequests will have to contain
a valid MessageAuthenticator.
If set to auto (default), if the first RADIUS answer to AccessRequests
contains a valid MessageAuthenticator, subsequent answers will have to
contain one.
If set to no (not recommended), RADIUS answers to AccessRequests do not have
to contain a valid MessageAuthenticator.
It is advised to set this to true after checking that your RADIUS server
does send MessageAuthenticator.
**radius\_authtypes** (string)
A comma separated list of supported RADIUS authentication methods ("pap" or "chap"), in order of preference (default "pap").
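Review bot: The accepted values for radius_require_message_authenticator are documented inconsistently in the added paragraph: the strict setting is written as "true" while the permissive one is written as "no", so a reader cannot tell whether "false" or "yes" are also accepted, or what happens with an unrecognised string. Please list the exact accepted strings in one place and say how an unknown value is handled, ideally failing closed. The "auto" text as written also implies that if the first answer carries no MessageAuthenticator, later answers never need one; it would help to state that explicitly, along with whether the learned state is tracked per RADIUS server and whether it survives a restart, since that determines how much the default actually enforces. Finally, the paragraph covers only answers to AccessRequests; a sentence on whether the requests sent by this client carry a MessageAuthenticator themselves would complete the documentation.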