Hi,
I "hacked" a quick mod for mpd/pppoe server to allow me to use pfsense
as an access concentrator for dial-up users (via ethernet).
Pfsense was perfectly capable of allowing access via pppoe / radius but
was missing a way for the radius server to check if a particular user
was still logged in.
This is necessary because if the access server loses connection/resets
etc, the radius server will contain active sessions that are stale. If
the user tries to login (via another access server for example), the
login will be denied because of the stale session.
One way to prevent this is to have the radius server check the old
access server. If the server cannot be accessed or the session is not
active, the old session will be removed and a new session will be created.
There are different ways to check if a user is logged in (snmp being one,
telnet etc being the others), but an easy way is to make a simple
server on a known port. Telnetting to this port shows currently logged
users.
My mod does exactly this:
-) provides iface-up and iface-down scripts for mpd to keep track of
the currently logged users.
-) modifies filter.inc, vpn_pppoe.php and the mpd config generation
script.
-) provides a simple inetd-based server to list the users (separated
from the inetd running on localhost for the nat reflection helpers).
-) provides a script for freeradius to check if a particular user is
logged on the access server.
I have not provided this via a separate package because I want it to
work on the embedded platform.
I would like to know if these mods are interesting and could be included
in the pfsense code?
Also, what is the best way to provide them (I have a patch-set ready)?
Paul.
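
The stale-session check described in the message above, sketched as an added example; it is not code from Paul's patch-set. It assumes the user-list service prints one username per line (the message does not give the format), and the function names and the loopback listener used as sample input are constructed for illustration.

```python
import socket
import socketserver
import threading

MAX_REPLY = 64 * 1024  # cap on bytes accepted from the access server (untrusted input)

def session_is_active(host, port, user, timeout=3.0):
    """True only if `user` is listed by the access server's user-list port.

    Unreachable server, timeout, or user not listed -> False, i.e. the RADIUS
    side may drop the old session and accept the new login.
    """
    if not user:
        return False
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            buf = b""
            while len(buf) < MAX_REPLY:
                chunk = s.recv(4096)
                if not chunk:
                    break
                buf += chunk
    except OSError:  # refused, unreachable, or timed out
        return False
    # Whole-line match: "bob" must not be treated as logged in because "bobby" is.
    users = {line.strip() for line in buf.decode("ascii", "replace").splitlines()}
    return user in users

def start_demo_listener(users):
    """Constructed stand-in for the inetd user-list service (loopback, random port)."""
    payload = "".join(u + "\n" for u in users).encode("ascii")

    class Handler(socketserver.BaseRequestHandler):
        def handle(self):
            self.request.sendall(payload)

    server = socketserver.TCPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

if __name__ == "__main__":
    srv = start_demo_listener(["alice", "bobby"])  # constructed sample users
    host, port = srv.server_address
    for name in ("alice", "bob"):
        print(name, "active" if session_is_active(host, port, name) else "stale")
    srv.shutdown()
    srv.server_close()
    print("server down:", session_is_active(host, port, "alice", timeout=1.0))
```

The listing port answers anyone who can reach it, so the firewall rule for it would normally admit only the RADIUS server's address.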