Tuesday, March 31, 2009

IP Dialing From PC To LNS and Radius Will Authenticate


This post covers dialing in from a Microsoft PC to the LNS over PPTP. The PC dials the LNS at 1.1.1.1, after which RADIUS authenticates the username and password sent by the PC. Once the user is authenticated, the LNS allocates the PC an IP address from the configured pool.

How VPDN works
a) The PC dials the LNS public IP.
b) A PPP call arrives at the LNS, which forwards it to the RADIUS server.
c) RADIUS checks the credentials and replies to the LNS.
d) The LNS then allocates an IP address to the PC from the configured pool.

Configuration
Configure Router as LNS

aaa new-model
!
!
! default-group is created; the RADIUS server IP address, ports and key are defined under it.
aaa group server radius default-group
 server-private u.v.w.y auth-port 1645 acct-port 1646 key 7 044F1E0A06314F410717001406
 ip radius source-interface Loopback0
 deadtime 0
!
! default-group is referenced here: incoming PPP authentication is forwarded to
! default-group, and if the group is not available, local authentication is used.
aaa authentication ppp default group default-group local
!
! Enable VPDN
vpdn enable
!
! The virtual template is bound under this VPDN group
vpdn-group 1
 ! Default PPTP VPDN group
 accept-dialin
  ! PPTP is the dial-in protocol
  protocol pptp
  ! Virtual template 1 is referenced here
  virtual-template 1
 ! The hostname is required and the same name is configured in RADIUS
 local name CE_Router
!
interface Loopback0
 description For Radius
 ip address 2.2.2.2 255.255.255.255
!
interface Loopback226
 description Customer will dial This IP From PC
 ip address 1.1.1.1 255.255.255.248
!
! Virtual template 1, the template referenced by vpdn-group 1
interface Virtual-Template1
 ! Bind the loopback to the virtual template
 ip unnumbered Loopback226
 ! After authentication an IP address is allocated from pool TEST
 peer default ip address pool TEST
 ! Authentication protocols: PAP is requested first, then CHAP
 ppp authentication pap chap
!
! Local pool. Note that the range starts at 1.1.1.1, which is also the Loopback226 address.
ip local pool TEST 1.1.1.1 1.1.1.6


Radius Configuration
[ //localhost/Radius/UserLists/shivlujain ]
Name = shivlujain
Description =
Password =
Enabled = TRUE
Group~ =
BaseProfile~ =
AuthenticationScript~ =
AuthorizationScript~ =
UserDefined1 =
AllowNullPassword = FALSE
Attributes/
CheckItems/

The username shivlujain is created with the password cisco; the same credentials are supplied when dialing from the PC.

Debug Outputs
CE_Router# debug radius

ppp58 PPP: Using vpn set call direction
ppp58 PPP: Treating connection as a callin
ppp58 PPP: Session handle[FB000051] Session id[58]
ppp58 PPP: Authorization required
ppp58 PAP: I AUTH-REQ id 30 len 16 from "shivlujain"
ppp58 PAP: Authenticating peer test2
ppp58 PPP: Sent PAP LOGIN Request
RADIUS/ENCODE(0000004F):Orig. component type = VPDN
RADIUS: AAA Unsupported Attr: interface [157] 14
RADIUS: 55 6E 69 71 2D 53 65 73 73 2D 49 44 [Uniq-Sess-ID]
RADIUS(0000004F): Config NAS IP: 2.2.2.2
RADIUS/ENCODE(0000004F): acct_session_id: 75
RADIUS(0000004F): sending
RADIUS(0000004F): Send Access-Request to u.v.w.y:1645 id 1645/41, len 91
RADIUS: authenticator E8 0E 9B AA 9D FF A2 77 - 57 53 8A E7 CF FA 4B 6B
RADIUS: Framed-Protocol [7] 6 PPP [1]
RADIUS: User-Name [1] 7 "shivlujain"
RADIUS: User-Password [2] 18 *
RADIUS: NAS-Port-Type [61] 6 Virtual [5]
RADIUS: NAS-Port [5] 6 58
RADIUS: NAS-Port-Id [87] 16 "Uniq-Sess-ID58"
RADIUS: Service-Type [6] 6 Framed [2]
RADIUS: NAS-IP-Address [4] 6 2.2.2.2
RADIUS: Received from id 1645/41 u.v.w.y:1645, Access-Accept, len 32
RADIUS: authenticator 2D 38 D5 50 43 DB 31 BE - 1C A4 2F 8E 2F D9 9A 7E
RADIUS: Service-Type [6] 6 Framed [2]
RADIUS: Framed-Protocol [7] 6 PPP [1]
RADIUS(0000004F): Received from id 1645/41
ppp58 PPP: Received LOGIN Response PASS
%LINK-3-UPDOWN: Interface Virtual-Access3, changed state to up
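
The Access-Request above shows "User-Password [2] 18 *" for the five-character password cisco: RADIUS pads the PAP password to 16 bytes and XORs it with MD5(shared secret + request authenticator) (RFC 2865, section 5.2), so its protection on the wire rests on the key configured under server-private. The sketch below is an added example, not code from the original post; SHARED_SECRET is a constructed placeholder, while the authenticator is the one from the debug output.

```python
import hashlib

# Request authenticator copied from the Access-Request in the debug output above.
REQUEST_AUTH = bytes.fromhex("E80E9BAA9DFFA27757538AE7CFFA4B6B")
# Constructed placeholder; the real shared secret is the router's "key" value.
SHARED_SECRET = b"example-shared-secret"


def _xor_chain(data: bytes, secret: bytes, auth: bytes, hiding: bool) -> bytes:
    """Apply the RFC 2865 section 5.2 MD5 keystream to 16-byte blocks."""
    out, prev = b"", auth
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        mask = hashlib.md5(secret + prev).digest()
        mixed = bytes(b ^ m for b, m in zip(block, mask))
        out += mixed
        # Each later mask is keyed on the previous *hidden* block.
        prev = mixed if hiding else block
    return out


def hide_password(password: bytes, secret: bytes, auth: bytes) -> bytes:
    """NAS side: pad to a multiple of 16 bytes with NULs, then hide."""
    if not 1 <= len(password) <= 128 or len(auth) != 16:
        raise ValueError("password must be 1..128 bytes, authenticator 16 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    return _xor_chain(padded, secret, auth, hiding=True)


def unhide_password(hidden: bytes, secret: bytes, auth: bytes) -> bytes:
    """RADIUS server side: reverse the hiding and strip the NUL padding."""
    if not hidden or len(hidden) % 16 or len(auth) != 16:
        raise ValueError("hidden value must be a non-empty multiple of 16 bytes")
    return _xor_chain(hidden, secret, auth, hiding=False).rstrip(b"\x00")


def user_password_attribute(password: bytes, secret: bytes, auth: bytes) -> bytes:
    """Encode attribute type 2 (User-Password): type, length, hidden value."""
    value = hide_password(password, secret, auth)
    return bytes([2, 2 + len(value)]) + value


if __name__ == "__main__":
    attr = user_password_attribute(b"cisco", SHARED_SECRET, REQUEST_AUTH)
    print("User-Password [2]", attr[1], attr[2:].hex())
```

The attribute length comes out as 18 for any password of up to 16 bytes, which is why the debug line reveals nothing about the password length below that size.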

CE_Router#debug ppp authentication
PPP authentication debugging is on

ppp60 PPP: Using vpn set call direction
ppp60 PPP: Treating connection as a callin
ppp60 PPP: Session handle[47000058] Session id[60]
ppp60 PPP: Authorization required
ppp60 PAP: I AUTH-REQ id 31 len 16 from "shivlujain"
ppp60 PAP: Authenticating peer test2
ppp60 PPP: Sent PAP LOGIN Request
ppp60 PPP: Received LOGIN Response PASS
%LINK-3-UPDOWN: Interface Virtual-Access3, changed state to up
Vi3 PPP: Sent LCP AUTHOR Request
Vi3 PPP: Sent MLP AUTHOR Request
Vi3 LCP: Received AAA AUTHOR Response PASS
Vi3 MLP: Received AAA AUTHOR Response PASS
Vi3 PAP: O AUTH-ACK id 31 len 5
%LINK-3-UPDOWN: Interface Virtual-Access4, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access3, changed state to up
Vi4 PPP: Sent IPCP AUTHOR Request
Vi4 IPCP: Received AAA AUTHOR Response PASS
%LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access4, changed state to up
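
A small parser for debug lines like those above, added here as an example (not part of the original post). It ties each PPP session to its RADIUS exchange and flags sessions that authenticated with PAP, or that passed with no Access-Accept in the capture; with "group default-group local" that can mean the local fallback answered, or simply that debug radius was off. The CHAP line format in the regex is an assumption, since only PAP appears in the post.

```python
import re

# Lines copied from the "debug radius" output in this post.
DEBUG_LINES = [
    'ppp58 PAP: I AUTH-REQ id 30 len 16 from "shivlujain"',
    "ppp58 PPP: Sent PAP LOGIN Request",
    "RADIUS(0000004F): Send Access-Request to u.v.w.y:1645 id 1645/41, len 91",
    "RADIUS: Received from id 1645/41 u.v.w.y:1645, Access-Accept, len 32",
    "ppp58 PPP: Received LOGIN Response PASS",
]

# The CHAP "I RESPONSE" form is an assumption; only PAP appears in the post.
AUTH_IN = re.compile(r'^(ppp\d+) (PAP|CHAP): I (?:AUTH-REQ|RESPONSE) id \d+ len \d+ from "([^"]*)"')
RAD_SEND = re.compile(r"^RADIUS\(\w+\): Send Access-Request to (\S+):(\d+) id (\d+/\d+)")
RAD_RECV = re.compile(r"^RADIUS: Received from id (\d+/\d+) \S+, (Access-\w+)")
LOGIN = re.compile(r"^(ppp\d+) PPP: Received LOGIN Response (\w+)")


def summarize(lines):
    """Build one record per PPP session from interleaved PPP/RADIUS debug lines."""
    sessions, in_flight, current = {}, {}, None
    for raw in lines:
        line = raw.strip()
        if m := AUTH_IN.match(line):
            current = sessions[m[1]] = {"session": m[1], "method": m[2], "user": m[3],
                                        "server": None, "reply": None, "result": None}
        elif (m := RAD_SEND.match(line)) and current:
            # RADIUS lines carry no PPP handle: attribute them to the session
            # whose authentication request was seen most recently (heuristic).
            current["server"] = f"{m[1]}:{m[2]}"
            in_flight[m[3]] = current
        elif (m := RAD_RECV.match(line)) and m[1] in in_flight:
            in_flight.pop(m[1])["reply"] = m[2]
        elif (m := LOGIN.match(line)) and m[1] in sessions:
            sessions[m[1]]["result"] = m[2]
    return list(sessions.values())


def findings(records):
    """Return (session, issue) pairs worth a reviewer's attention."""
    out = []
    for r in records:
        if r["method"] == "PAP":
            out.append((r["session"], "pap-password-not-encrypted-in-ppp"))
        if r["result"] == "PASS" and r["reply"] != "Access-Accept":
            out.append((r["session"], "pass-without-radius-accept"))
    return out


if __name__ == "__main__":
    print(summarize(DEBUG_LINES), findings(summarize(DEBUG_LINES)))
```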

Show Commands
The show users command lists the connected interfaces.


regards
shivlu jain


3 comments:

Marco Rizzi said...

good point Shivlu!
This is exactly our vpn pptp configuration too,
in my opinion you can add two commands under the virtual-template configuration:
ppp pfc local forbid !---> do not perform compression locally
ppp pfc remote reject !---> reject remote compression proposals
In my experience compression has caused some problems/disconnections with clients.
Nice work! I look forward to reading your interesting news daily! ;-)
Marco

shivlu jain said...

Yeah Marco, your point is valid and needs to be taken care of.

Thanks for your input.

regards
shivlu jain
