Support for PPP without authentication

rtbrick / bngblaster

The BNG Blaster is an open-source network tester for access and routing protocols.

https://rtbrick.github.io/bngblaster/

BSD 3-Clause "New" or "Revised" License

202 stars 32 forks source link

Support for PPP without authentication #259

Closed nward closed 2 days ago

nward commented 3 months ago

Is your feature request related to a problem? Please describe.

Some BNG configurations don't request PPP authentication, and relying on agent-circuit-id and agent-remote-id. BNG blaster does not operate if authentication is not configured. If it is configured, but not negotiated, it does not bring up the session and just constantly tries to request authentication to be negotiated.

Describe the solution you'd like

Two options, maybe both:

Support client configurations which do not have authentication
Allow clients to come up when a BNG does not negotiate authentication

Describe alternatives you've considered

We can change the BNG configuration in some cases to use a default username/password - however this is a functional change to the BNG so is not ideal for testing.

Additional context

n/a

GIC-de commented 3 months ago

I haven't expected this use case, since all customer I worked with using line based authentication (agent-remote-id, ...), they just ignore username/password but still negotiate authentication.

The main reason for ignoring authentication vs. disabled authentication is the better client compatibility, since some clients did not support PPPoE without authentication. Another reason for authentication is that a lot of providers pass some CPE parameters like shaping rate, ... using the authentication reply-message.

Anyhow, I can consider this as an option to disable authentication in the BNG Blaster.

GIC-de commented 2 months ago

Fixed in dev branch. As long as there is no authentication protocol explicitly configured in the BNG Blaster configuration, we will now accept to skip authentication phase.

nward commented 2 months ago

Great, thank you! I will do some testing of this in the next couple of weeks when I am back in our test environment.

Re. your earlier comments, yes - this is an unusual case certainly.

BNG relevant information like shaping rate etc. in the reply messages still happens, as RADIUS still happens like normal. For this deployment model, we configured the BNG with a username/password to use in the RADIUS auth request, of course usually that would be provided by the RGW. We ignore that either way though, and only consider agent-remote-id etc.

You are right that some RGWs expect a specific textual message format in a PPP Authentication-ACK, for example Fritzbox uses this to provide TR069 server info as PPP/PPPoE has no mechanism to convey this like DHCP does. This is of course not possible if PPP does not attempt authentication.

GIC-de commented 1 month ago

This change is now available in version 0.9.3!