openl2tp-1.5

Tagged:

ftp://ftp.openl2tp.org/releases/openl2tp-1.5

V1.5, 16-AUG-2008

Fix the ppp profile authentication options, which seem to have been
broken since 0.17. The auth_pap, auth_chap, etc. options should
translate into refuse-xxx options to pppd, but these pppd arguments
were not generated properly.

While testing an install for an ISP, it was found that pppd would
always offer EAP authentication when negotiating with its peer,
despite auth_eap=off being set in the ppp profile. It turns out that
some ppp peers (including Cisco!) drop the connection unless the peer
asks for exactly the same authentication method. Specifically, in
a Cisco, if CHAP is configured, it will drop the connection if the
peer suggests that it can do EAP. To configure pppd to force a
specific authentication method, one of pppd's require-xxx options must
be used. Until now, OpenL2TP had no interface to control pppd's
require-xxx auth options. With this release, if all but one of the ppp
profile's auth_xxx options are disabled, OpenL2TP will now
automatically add the require-xxx pppd auth option for the one auth
option that is enabled. For example, to configure CHAP only, set
auth_chap=yes auth_pap=no auth_mschapv1=no auth_mschapv2=no
auth_eap=no in the ppp profile. This will yield the following pppd
arguments: refuse-pap refuse-mschap refuse-mschap-v2 refuse-eap
require-chap.

Fixed a bug in the per-tunnel session limit handling. If configured
with a session limit (non-zero max_sessions value), the tunnel's
session count would be decremented twice if a session was cleaned up
as a result of reaching the session limit. As a result, the next
session would be successfully created, resulting in more sessions on
the tunnel than the user requested.

Improve session event generation such that session_down events are
generated only if the session_up event was previously generated and
session_deleted events are generated only if the session_created event
was previously generated. Previously, if a session never came up
successfully, a session_down and a session_deleted event were
generated. Anyone using custom openl2tp plugins which use the
session_down and session_deleted hooks should test their plugins after
taking this release.

Add a new event_sock plugin which exports a named pipe
/tmp/openl2tpd.evt for use by other processes. A process may listen on
the named pipe for event messages from openl2tpd which tell of session
up/down/created/deleted events. See doc/README.event_sock for details.

Change the loading of plugins to be done after the core application
init has completed. In previous versions, plugins were loaded during
command line argument parsing. This change allows plugins to use
openl2tpd internal APIs that would otherwise be uninitialised when
the plugin is loaded. The new event_sock plugin makes use of this to
register its file descriptor(s) with the application main loop.