Closed nward closed 2 months ago
I haven't expected this use case, since all customer I worked with using line based authentication (agent-remote-id, ...), they just ignore username/password but still negotiate authentication.
The main reason for ignoring authentication vs. disabled authentication is the better client compatibility, since some clients did not support PPPoE without authentication. Another reason for authentication is that a lot of providers pass some CPE parameters like shaping rate, ... using the authentication reply-message.
Anyhow, I can consider this as an option to disable authentication in the BNG Blaster.
Fixed in dev
branch. As long as there is no authentication protocol explicitly configured in the BNG Blaster configuration, we will now accept to skip authentication phase.
Great, thank you! I will do some testing of this in the next couple of weeks when I am back in our test environment.
Re. your earlier comments, yes - this is an unusual case certainly.
BNG relevant information like shaping rate etc. in the reply messages still happens, as RADIUS still happens like normal. For this deployment model, we configured the BNG with a username/password to use in the RADIUS auth request, of course usually that would be provided by the RGW. We ignore that either way though, and only consider agent-remote-id etc.
You are right that some RGWs expect a specific textual message format in a PPP Authentication-ACK, for example Fritzbox uses this to provide TR069 server info as PPP/PPPoE has no mechanism to convey this like DHCP does. This is of course not possible if PPP does not attempt authentication.
This change is now available in version 0.9.3!
Is your feature request related to a problem? Please describe.
Some BNG configurations don't request PPP authentication, and relying on agent-circuit-id and agent-remote-id. BNG blaster does not operate if authentication is not configured. If it is configured, but not negotiated, it does not bring up the session and just constantly tries to request authentication to be negotiated.
Describe the solution you'd like
Two options, maybe both:
Describe alternatives you've considered
We can change the BNG configuration in some cases to use a default username/password - however this is a functional change to the BNG so is not ideal for testing.
Additional context
n/a