On 2/28/07, Paul <[EMAIL PROTECTED]> wrote:
Hi,

I "hacked" a quick mod for mpd/pppoe server to allow me to use pfsense as an access concentrator for dial-up users (via ethernet). Pfsense was perfectly capable of allowing access via pppoe / radius but was missing a way for the radius server to check if a particular user was still logged in.

This is necessary because if the access server loses connection/resets etc, the radius server will contain active sessions that are stale. If the user tries to login (via another access server for example), the login will be denied because of the stale session. One way to prevent this is to have the radius server check the old access server. If the server cannot be accessed or the session is not active, the old session will be removed and a new session will be created.

There're different ways to check if a user is logged (snmp being one, telnet etc being the others), but an easy way is to make a simple server on a known port. Telnetting to this port shows currently logged users.

My mod does exactly this:

-) provides iface-up and iface-down scripts for mpd to keep track of the currently logged users.
-) modifies filter.inc, vpn_pppoe.php and the mpd config generation script.
-) provides a simple inetd-based server to list the users (separated from the inetd running on localhost for the nat reflection helpers).
-) provides a script for freeradius to check if a particular user is logged on the access server.

I have not provided this via a separate package because I want it to work on the embedded platform.

I would like to know if these mods are interesting and could be included in the pfsense code? Also, what is the best way to provide them (I have a patch-set ready)?

Paul.
http://wiki.pfsense.com/wikka.php?wakka=SubmittingPatches describes the process.

Scott
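The stale-session check described in Paul's message, as an added example that is not part of the original thread or of the patch set it mentions. It assumes the listing port sends one username per line and then closes the connection; the function names, host and port are hypothetical.

```python
import socket

MAX_BYTES = 64 * 1024  # cap the read so a misbehaving peer cannot exhaust memory

def fetch_user_list(host, port, timeout=3.0):
    """Return the raw listing text, or None if the access server is unreachable."""
    chunks, total = [], 0
    try:
        with socket.create_connection((host, port), timeout=timeout) as conn:
            conn.settimeout(timeout)
            while total < MAX_BYTES:
                data = conn.recv(4096)
                if not data:          # peer closed: listing is complete
                    break
                chunks.append(data)
                total += len(data)
    except OSError:                   # refused, timed out, unroutable, reset
        return None
    return b"".join(chunks).decode("utf-8", errors="replace")

def parse_users(listing):
    """Assumed format: one username per line; blank lines are ignored."""
    return {line.strip() for line in listing.splitlines() if line.strip()}

def session_is_stale(username, host, port):
    """True when the recorded session may be removed, following the rule in
    the message: server cannot be accessed, or the session is not active."""
    listing = fetch_user_list(host, port)
    if listing is None:
        return True
    # Exact match on the whole name, so "bob" is not confused with "bobby".
    return username not in parse_users(listing)

if __name__ == "__main__":
    # Constructed sample listing, not output captured from a real server.
    sample = "alice\r\nbobby\r\n\r\n"
    print(sorted(parse_users(sample)))
    # 192.0.2.1 is a documentation address; expect "unreachable" => stale.
    print(session_is_stale("alice", "192.0.2.1", 9999))
```

Because an unreachable server counts as "stale", the check allows a second login whenever the listing port cannot be reached, so the path between the radius server and that port needs to be as reliable and as restricted as the radius traffic itself.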
