# MPD5 as a LNS to terminate DSL customers



## mmzaj5000 (Jun 25, 2011)

Hi,

I have a FreeBSD box with mpd5 installed from the ports. I am trying to configure mpd as an LNS to terminate DSL customers (PPPoE connections). The LAC is a Cisco 10K and I have a standalone RADIUS server (FreeRADIUS), which is already working with a Cisco 7200.

I would like to get rid of my 7200 and replace it with as many FreeBSD boxes as it takes. However, the documentation is very poor regarding the LNS configuration. I have tried the following configuration; however, it's not working at all.

Could you please have a look and reply? Thanks in advance.


```
startup:
    # configure mpd users
    set user admin mypassword admin
    #set user foo1 bar1
    # configure the console
    set console self 0.0.0.0 6005
    set console open
    # configure the web server
    set web self MyIP 6006
    set web open
    log +IPV6CP
    log +IPV6CP2

#
# Default configuration is "dialup"
default:
    load l2tp

l2tp:
    # Define dynamic IP address pool.
    set ippool add pool1 46.253.94.x 46.253.94.x
    #set ippool add pool1 2.1.1.1 2.1.1.254
    #set ippool add rfc1918 192.168.22.140 192.168.22.180
    # Create clonable bundle template named B
    create bundle template B
    set iface idle 1800
    set iface enable tcpmssfix
    set iface down-script /usr/local/etc/mpd5/down.sh
    set iface up-script /usr/local/etc/mpd5/up.sh
    #set ipcp disable vjcomp
    #set bundle enable ipv6cp
    #set ipcp deny vjcomp
    set ipcp ranges 0.0.0.0/0 82.213.4.0/24
    set ipcp dns 46.253.95.7
    set ipcp dns 46.253.95.8
    #set ipcp nbns 127.0.0.1
    # Set bundle template to use. If the LAC uses a password, use the
    # "set l2tp secret" line; if not, don't use it.
    create link template L1 l2tp
    set l2tp hostname MyLocalNAme
    set l2tp peer 83.244.94.x
    set l2tp self 83.244.94.x
    set l2tp secret MySecret
    #set l2tp enable incoming
    set l2tp enable outcall
    #set l2tp disable dataseq
    set link action bundle B
    # Enable peer authentication
    set link disable eap
    set link enable incoming
    set link enable pap
    set link disable acfcomp
    set link disable protocomp
    set link disable check-magic
    set link deny acfcomp
    set link keep-alive 10 60
    set link deny protocomp
    load radius
    set link mtu 1460
    set link mru 1460
    set link enable incoming
    set link disable peer-as-calling

radius:
    # You can use radius.conf(5), it's useful, because you can share the
    # same config with userland-ppp and other apps.
    #set radius config /etc/radius.conf
    #set radius me 192.168.25.2
    # or specify the server directly here
    set radius server RadiusIP Password 1812 1813
    set radius retries 3
    set radius timeout 3
    # send the given IP in the RAD_NAS_IP_ADDRESS attribute to the server.
    # send accounting updates every 5 minutes
    set auth acct-update 300
    # enable RADIUS, and fallback to mpd.secret, if RADIUS auth failed
    set auth enable radius-auth
    # enable RADIUS accounting
    set auth enable radius-acct
    # protect our requests with the message-authenticator
    set radius enable message-authentic
    set radius enable peer-as-calling
```


----------



## ecazamir (Jun 27, 2011)

Here's a sample configuration for net/mpd5 tested with FreeRADIUS 2:

```
startup:
        # configure mpd users
        # set user foo bar admin
        set user admin_login password admin
        # set user foo1 bar1
        # configure the console
        # set console self 127.0.0.1 5005
        # set console open
        # configure the web server
        set web self 127.0.0.1 5006
        set web open

default:
        load pppoe_server


common:
        set link enable multilink
        set link action bundle B
        set link disable chap pap
        set link accept chap pap
        set auth authname MyLogin
        set link max-redial 0
        set modem var $DialPrefix "DT"
        set modem var $Telephone "1-415-555-1212"
        set modem script DialPeer

pppoe_server:
    # each user gets an IP address according to the value of the attribute
    # named 'Framed-Pool', from the RADIUS response packet
    set ippool add restricted 10.200.1.1 10.200.1.254
    set ippool add subscription_1 172.16.1.1 172.16.1.254
    set ippool add subscription_2 172.16.2.1 172.16.2.254
    create bundle template B
    # A generic IP pool, no user should have its address assigned from this pool
    set ipcp ranges 172.16.0.1/32 ippool restricted
    set ipcp dns 8.8.8.8 8.8.16.16
    set iface enable tcpmssfix
    set iface up-script /usr/local/etc/mpd5/scripts/mpd_linkup.sh
    set iface down-script /usr/local/etc/mpd5/scripts/mpd_linkdown.sh

    create link template common pppoe
    set link enable multilink
    set link action bundle B
    set link disable chap pap eap
    set link enable pap
    set link disable check-magic
    set link accept check-magic
    load radius
    set pppoe service "*"

    # use the re1 interface for incoming connections
    create link template re1 common
    set link max-children 1000
    set pppoe iface re1
    set link enable incoming

    # use the vlan100 interface too
    create link template vlan100 common
    set link max-children 1000
    set pppoe iface vlan100
    set link enable incoming

radius:
    set radius server radius_server_address radius_password 1812 1813
    set radius retries 1
    set radius timeout 3
    set radius me 127.0.0.1
    set auth acct-update 300
    set auth enable radius-auth
    set auth enable radius-acct
    set auth disable internal
    set auth max-logins 1
    set radius disable message-authentic
```

In this usage scenario (mpd5 + freeradius2), the single problem I have is that I can't use the 'mpd_drop_user' attribute on the RADIUS accounting response packet, so I must terminate a connection by other means, if needed.
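
A check one could run over configurations like the two posted above, added here as an example (not code from either poster or from the mpd5 project): it flags a console or web listener opened on a non-loopback address, an explicitly disabled RADIUS Message-Authenticator, and PAP left enabled. The function names and the reading that the last `enable`/`disable` in file order wins are assumptions of this example.

```python
import ipaddress

# Constructed sample, assembled from lines of the two configurations in this thread.
SAMPLE_CONF = """\
startup:
    set console self 0.0.0.0 6005
    set console open
    set web self 127.0.0.1 5006
    set web open
pppoe_server:
    set link disable chap pap eap
    set link enable pap
radius:
    set radius disable message-authentic
"""

def commands(text):
    """Token lists for command lines; comments and 'label:' lines are skipped."""
    rows = (raw.split() for raw in text.splitlines())
    return [t for t in rows if t and not t[0].startswith("#")
            and not (len(t) == 1 and t[0].endswith(":"))]

def is_loopback(addr):
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # placeholder or hostname: cannot prove it is local

def audit(text):
    """Assumption: commands apply in file order and the last setting wins."""
    bind, opened, option = {}, set(), {}
    for t in commands(text):
        if t[0] != "set" or len(t) < 3:
            continue
        layer, verb, args = t[1], t[2], t[3:]
        if layer in ("console", "web") and verb == "self" and args:
            bind[layer] = args[0]
        elif layer in ("console", "web") and verb == "open":
            opened.add(layer)
        elif verb in ("enable", "disable"):
            for name in args:
                option[(layer, name)] = verb
    findings = [f"{svc} listener open on {bind[svc]}"
                for svc in sorted(opened) if svc in bind and not is_loopback(bind[svc])]
    if option.get(("radius", "message-authentic")) == "disable":
        findings.append("radius message-authentic disabled")
    if option.get(("link", "pap")) == "enable":
        findings.append("link pap enabled")
    return findings
```
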


----------



## hack2003 (Dec 7, 2014)

ecazamir said:


> Here's a sample configuration for net/mpd5 tested with FreeRADIUS 2:
> <<SNIP>>
> In this usage scenario (mpd5 + freeradius2), the single problem I have is that I can't use the 'mpd_drop_user' attribute on the RADIUS accounting response packet, so I must terminate a connection by other means, if needed.


Can you give more details on these "other means"?


----------

