search

rtbrick / bngblaster

The BNG Blaster is an open-source network tester for access and routing protocols.
https://rtbrick.github.io/bngblaster/
BSD 3-Clause "New" or "Revised" License
207 stars 34 forks source link

L2TP Proxy Authentication AVPs ignored #154

Open SoerenBusse opened 1 year ago

SoerenBusse commented 1 year ago

Describe the bug

When using L2TP Proxy authentication, my assumption would be that BNG-Blaster immediately replies with a PPP CHAP or PPP PAP Success message and validates the Proxy Authen AVPs after sending the ZLB. Instead, BNG-Blaster doesn't send anything and waits for the Access PPP-Client to send another PAP Authentication Request or CHAP Challenge Response, because it hasn't received anything within it's timeout interval. While it works, this makes session setup rate very slow and is from my point of view not the correct behaviour.

BNGBlaster-L2TP-PAP

To Reproduce

Version (bngblaster -v):

Version: DEV
Compiler: GNU (11.3.0)
GIT:
  REF: release-0.8.13
  SHA: 2c5bf6857d7be26fe071883c8d1686b1f4d91c29
IO Modes: packet_mmap_raw (default), packet_mmap, raw, dpdk

JSON configuration:

{
  "interfaces": {
    "network": {
      "interface": "enp1s0f1np1",
      "address": "10.189.214.2",
      "gateway": "10.189.214.1"
    },
    "access": [
      {
        "interface": "enp1s0f0np0",
        "outer-vlan-min": 109,
        "outer-vlan-max": 109,
        "inner-vlan-min": 7,
        "inner-vlan-max": 7,
        "qinq": true,
        "authentication-protocol": "CHAP"
      }
    ]
  },
  "pppoe": {
    "reconnect": true,
    "discovery-timeout": 3,
    "discovery-retry": 10
  },
  "ppp": {
    "mru": 1492,
    "authentication": {
      "username": "lac",
      "password": "password",
      "timeout": 1,
      "retry": 60
    },
    "lcp": {
      "conf-request-timeout": 5,
      "conf-request-retry": 30,
      "keepalive-interval": 30,
      "keepalive-retry": 3
    },
    "ipcp": {
      "enable": true
    },
    "ip6cp": {
      "enable": true
    }
  },
  "l2tp-server": [
    {
      "name": "LNS1",
      "address": "10.189.214.2",
      "secret": "bngblaster",
      "receive-window-size": 8
    }
  ],
  "session-traffic": {
    "autostart": true,
    "ipv4-pps": 1
  }
}

Steps to reproduce the behavior:

  1. Run BNG-Blaster using the above configuration with a LAC using Proxy Authentication

Expected behavior

I would expect an immediate Authenticate-Ack without a second Authenticate-Request like O2's L3BSA using Telekom Wholebuy, captured on a customer connection, so the session setup is done very fast:

O2-Capture

Screenshots

If applicable, add screenshots to help explain your problem.

Additional context

Add any other context about the problem here.

GIC-de commented 1 year ago

Proxy authentication is optional and currently not supported in the BNG Blaster. I will consider this as a feature request to add proxy authentication support.