7081b7aaac
radius: Use IPv6 for communication
...
IPv4 now only supported via IPv6-mapped addresses.
2025-10-13 16:53:35 +02:00
e9c8c172b9
Do not send non-needed AVPs in SCCCN
2025-05-06 21:33:33 +02:00
81f807eba0
AVP 8 (Vendor Name) should NOT have M-bit set according to RFC
2025-05-05 20:04:18 +02:00
702ed1ec72
Quick fix to at least decode slightly larger hidden AVPs correctly
2025-05-05 03:15:52 +02:00
690e09ba57
Initialize memory so we get zero-terminated string
2025-05-05 03:15:26 +02:00
2b13f59f6a
Only send in hacky case
2025-05-05 00:52:28 +02:00
225ac28120
ugly hack
2025-05-05 00:24:15 +02:00
f21401a0cc
Also save last recv/sent LCP confreq
2025-05-05 00:10:09 +02:00
035b4604ee
gnah.. take3
2025-05-04 23:53:45 +02:00
a11374b80a
Derp.. wrong struct
2025-05-04 23:53:04 +02:00
088d44a572
Also copy auth_name
2025-05-04 23:52:00 +02:00
60be20cf32
Fix possible buffer overflow when dealing with auth challenge/response
2025-05-04 13:42:47 +02:00
3015533293
Store proxy auth information also when forwarding session
2025-05-04 12:35:27 +02:00
54d36d7512
Merge remote-tracking branch 'upstream/master'
2025-05-03 10:55:58 +02:00
57004c5744
Attempt to hack in acceleration for PPPoE
2025-04-29 00:43:40 +02:00
0c9338b03a
Make sure to add HDLC header when forwarding over L2TP
2025-04-29 00:43:00 +02:00
7442bddd3d
More example configs
2025-04-29 00:41:21 +02:00
ace7452145
Create socket for PPPoE
2025-04-22 14:02:55 +02:00
Samuel Thibault
e7db528544
Add lcp_renegotiation option
...
To support proxy LCP negotiation.
Note: we *have* to take the auth id from the proxy answer, otherwise we would
replay previous ids, for which the client might cache the answer and thus
ignore our new challenge and just repeat their outdated answer.
2025-04-18 14:41:36 -04:00
Samuel Thibault
817ce35748
ppp: Move LCP received configuration parsing to a separate function
...
So it can be reused for proxy LCP negotiation.
2025-04-18 14:41:36 -04:00
Samuel Thibault
9425c725c9
Note kernel requirement for LAC acceleration
2025-04-01 17:48:05 +02:00
Samuel Thibault
a56de89a4c
kernel accel: if switching takes a long time, back off
...
That can happen even with not many sessions, e.g. on a loaded machine with a
lot of routes
2025-03-31 03:46:05 +02:00
Samuel Thibault
b2942b3c53
cluster: Support running multiple instances on the same host
...
With IP_MULTICAST_LOOP they can see each other. We "just" have to make sure
they use different IP addresses and route metrics to distinguish from each
other.
2025-03-31 03:45:19 +02:00
Samuel Thibault
366faaea76
ipcp: try to re-send CHAP ack on timeout
...
If it was lost, some clients (e.g. pppd) may not try to re-send their CHAP reply.
2025-03-31 03:43:05 +02:00
Samuel Thibault
b3b052a483
cluster: Close l2tp sockets before routes
...
So another l2tpns on the same host can receive l2tp while we are quickly
removing our routes.
2025-03-31 03:39:31 +02:00
Samuel Thibault
7d2d97436c
cluster: Don't wait for peer chap answer before leaving
...
The next master can restart the authentication
2025-03-31 03:37:05 +02:00
Samuel Thibault
5c0e3949f8
route: Add if index in log
2025-03-30 21:51:43 +02:00
Samuel Thibault
c9aac241ea
route: Update time while adding/removing routes
...
So we seen when adding/removing a lot of them if that takes a long time
2025-03-30 20:47:14 +02:00
Samuel Thibault
ebb8784ec3
kernel_accel: Cope with receiving freed sessions
2025-03-30 19:59:56 +02:00
Samuel Thibault
8b3ccb2ac5
l2tp: Increase queue size
...
So we can catch up according to the window that we announce.
2025-03-30 19:17:16 +02:00
Samuel Thibault
b64ad7990b
Update comment
2025-03-30 18:05:45 +02:00
Samuel Thibault
fa64a8010d
chap: cope with our ack being lost
2025-03-30 17:57:33 +02:00
Samuel Thibault
22f650d828
Log explicitly when shutting down
2025-03-30 17:57:33 +02:00
Samuel Thibault
4ba646d2af
Reduce loglevel of multi_read_count
2025-03-30 17:53:29 +02:00
Samuel Thibault
37ff318b32
cli: Show tunnel queue length
2025-03-30 17:32:56 +02:00
Samuel Thibault
0845ec8a19
Add route_metric option
...
To be able to keep different routes from several running l2tpns instances.
2025-03-30 17:12:01 +02:00
Samuel Thibault
b793850d2f
Add route_protocol option
...
To be able to distinguish routes from several running l2tpns instances.
2025-03-30 17:11:53 +02:00
Samuel Thibault
44b01d70c6
regenerate docs
2025-03-30 12:01:08 +02:00
Samuel Thibault
544a622c2a
Make it clear that the cluster peer list is currently at the time of connection
2025-03-29 17:20:39 +01:00
Samuel Thibault
2af4b47f46
Permanently store authentication id in sess_local[s].auth_id
...
rather than ping-ponging with radius[r].id
This also make sendchap use a different id on each call, necessary for
some clients which cache responses.
2025-03-29 16:11:40 +01:00
Samuel Thibault
c4147ed3cc
typo
2025-03-29 15:58:40 +01:00
Samuel Thibault
43cbe0e4b2
Fix setting route metric (aka priority)
2025-03-29 14:43:28 +01:00
Samuel Thibault
75144a546c
l2tp: Add CHAP auth information in ICCN
...
To support proxy auth.
2025-03-28 20:38:19 +01:00
Samuel Thibault
12cc3c39b0
Advertise LAC support
2025-03-25 02:26:39 +01:00
Samuel Thibault
450467d626
Fix split words
2025-03-25 02:24:40 +01:00
Samuel Thibault
c8c24f515b
Fix links
2025-03-25 02:21:10 +01:00
Samuel Thibault
6f214e57ef
Add links to documentations
2025-03-25 02:19:26 +01:00
Samuel Thibault
499677627f
l2tp: Expose a control receive window > 4
...
The default 4 is really small, and imposes very sequential processing of
reconnections in case we lose all sessions. Nowadays we easily have
memory for a lot more.
2025-03-23 19:06:07 +01:00
Samuel Thibault
c12eab7a9c
l2tp: Disable ZLB send optimization
...
controlc doesn't mean we will send more messages, but only that some of them
are pending ack. If we have already sent them and the peer has just not
acked them yet, controlnull() would not send a ZLB, and once the peer
has acked our control messages, we wouldn't send a ZLB with an updated Nr.
2025-03-23 18:52:32 +01:00
Samuel Thibault
40796d2adb
l2tp: Add PAP auth information in ICCN
...
To support proxy auth.
2025-03-23 03:17:44 +01:00
