vforteli / flexinets.radius.radiusserver

Radius server for .Net. Packets handled in pluggable IPacketHandlers

License: MIT License

C# 100.00%
radius-server rfc2865 rfc2866 radius-dictionary radius netstandard multithreaded

flexinets.radius.radiusserver's Introduction

Radius server library for .NET Standard

This project can be used to create a Radius server in, for example, a Windows Service.

Packets are handled in multiple threads without running several instances. This can be useful when packet handlers do something slow, like lookups from external dependencies.

Pluggable packet handlers for different remote IPs.

Conditionally compliant with RFCs:
https://tools.ietf.org/html/rfc2865
https://tools.ietf.org/html/rfc2866
https://tools.ietf.org/html/rfc5997

RadiusServer usage

See https://github.com/vforteli/RadiusServerService/tree/Base for an example implementation.
Create a project of appropriate type and add a reference to Flexinets.Radius.RadiusServer.

// Load the attribute dictionary shipped with the application
var path = Path.GetDirectoryName(AppDomain.CurrentDomain.BaseDirectory) + "/Content/radius.dictionary";
var dictionary = new RadiusDictionary(path, NullLogger<RadiusDictionary>.Instance);
var radiusPacketParser = new RadiusPacketParser(NullLogger<RadiusPacketParser>.Instance, dictionary);

// Register the packet handler and its shared secret for a remote address
var packetHandler = new TestPacketHandler();
var repository = new PacketHandlerRepository();
repository.AddPacketHandler(IPAddress.Any, packetHandler, "secret");

// Listen for authentication packets on UDP port 1812
var server = new RadiusServer(
    new UdpClientFactory(),
    new IPEndPoint(IPAddress.Any, 1812),
    radiusPacketParser,
    RadiusServerType.Authentication,
    repository,
    NullLogger<RadiusServer>.Instance);

server.Start();

The packet handler should implement IPacketHandler

https://www.nuget.org/packages/Flexinets.Radius.RadiusServer/

flexinets.radius.radiusserver's Issues

Invalid Message-Authenticator in packet 224 when using radtest

When using radtest, which is a test tool that comes with FreeRadius, I get an exception System.InvalidOperationException: Invalid Message-Authenticator in packet 224.

$ radtest user password localhost 1812 0 12345
Received packet from 127.0.0.1:56039, Concurrent handlers count: 1
Failed to receive packet from 127.0.0.1:56039
System.InvalidOperationException: Invalid Message-Authenticator in packet 224
   at Flexinets.Radius.Core.RadiusPacket.Parse(Byte[] packetBytes, IRadiusDictionary dictionary, Byte[] sharedSecret)
   at Flexinets.Radius.RadiusServer.GetResponsePacket(IPacketHandler packetHandler, String sharedSecret, Byte[] packetBytes, IPEndPoint remoteEndpoint)
   at Flexinets.Radius.RadiusServer.HandlePacket(IPEndPoint remoteEndpoint, Byte[] packetBytes)
01e00050b12b2bc26bd8156b7b962b27e0fd924a0106757365720212503043021b6fdb74b3b81454c790a64004067f000101050600000714501200000000000000000000000000000000070600000001

Add/remove IPs dynamically

I need a way to modify the list of IPs that are being watched while the server is running. I don't think this is currently possible.

I was thinking that there could be a handler for checking if an IP address is valid. It could just return a bool for accept or reject. Ideally I could just hit my own cache to get the list of valid IPs instead of the internal one. I'll be using a Redis server I think. I think I just need to implement HandlePacket on my own.

If I'm venturing too far off your vision of this project, I can always write this myself, or even submit a pull request if you want. This library (not including the other 2) is pretty manageable.

EAP Support

Hi,
Can you help me with an EAP handler?
In this mode I only find the 'EAP-Message' and 'Message-Authenticator' attributes, and when I return packet.CreateResponsePacket(PacketCode.AccessAccept) it is not accepted and needs encryption.

Add Handlers Obsolete? What is the alternative

[Obsolete]
void Add(IPNetwork remoteAddressRange, IPacketHandler packetHandler, string sharedSecret);
[Obsolete]
void AddPacketHandler(IPAddress remoteAddress, IPacketHandler packetHandler, string sharedSecret);
[Obsolete]
void AddPacketHandler(List<IPAddress> remoteAddresses, IPacketHandler packetHandler, string sharedSecret);

What is the recommended way to add handlers if this way is obsolete?

Support radsec

Possible modifications needed for supporting RadSec (Radius over TCP with or without TLS)

Can't connect when running on server

I have a radius server running on both a Windows server and a Linux server. On both of them I'm able to hit the server and get a response while on the server. On Windows I'm using NTRadPing and on Linux I'm using radtest (from freeradius). When trying to hit the server from outside of the hosted servers, the radius server never gets the request.

I thought this was happening because of ports being blocked. I set up a freeradius server though, and I'm able to hit it just fine and it responds properly, so it has something to do with the RadiusServer code, or my code.

Do you have any clue what could be causing this?

I'd really like to use this library for a very lightweight radius server, and have it seamlessly integrated into the other apps that work with it.

Program.cs

using System;
using System.IO;
using System.Net;
using System.Reflection;
using Flexinets.Net;
using Flexinets.Radius;
using Flexinets.Radius.Core;

namespace InfinitWifi.RadiusServer
{
    class Program
    {
        static void Main(string[] args)
        {
			var ip = "the servers external ip address";

			var dictionaryPath = Path.Combine(Path.GetDirectoryName(Assembly.GetExecutingAssembly().Location), "radius.dictionary");
			var dictionary = new RadiusDictionary(dictionaryPath);
			var localEndpoint = new IPEndPoint(IPAddress.Any, 1812);
			var server = new Flexinets.Radius.RadiusServer(new UdpClientFactory(), localEndpoint, dictionary, RadiusServerType.Authentication);

			var packetHandler = new PacketHandler();
			server.AddPacketHandler(IPAddress.Parse(ip), "12345", packetHandler);

			server.Start();

			Console.WriteLine($"Listening on ip '{ip}'.");

			Console.ReadKey();
        }
    }
}

PacketHandler.cs

using Flexinets.Radius.Core;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;

namespace InfinitWifi.RadiusServer
{
	public class PacketHandler : IPacketHandler
	{
		public IRadiusPacket HandlePacket(IRadiusPacket packet)
		{
			return packet.CreateResponsePacket(PacketCode.AccessAccept);
		}

		public void Dispose()
		{
		}
	}
}

Current example of running the server?

Thanks for the interesting project.

I wonder if there's a current example of running a server available? The example in readme.md doesn't seem to work anymore as the code library has changed.

CHAP-MSCHAP

  1. How do I authenticate it in CHAP?
  2. How to create and send a challenge packet in MS-CHAPv2?
    Do you have a sample code?

Thank you.

PacketHandler sharedSecret

Hi,
I've added a packet handler with a shared secret and everything works fine.

When I change the shared secret on my test client the handler is still triggered. The secret for the handler is not checked against the secret the client sends and the request triggers the handler.

Is this intended or a bug?

Is there an option to dismiss a request, when the shared secret is not matching?

Is it possible to get the shared secret which is sent in the clients request?

Thanks
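
RADIUS never puts the shared secret itself on the wire; for an Access-Request, the Message-Authenticator attribute (HMAC-MD5 over the packet, keyed with the secret) is what lets a server reject a client that holds a different secret. The following is an added example, not code from Flexinets.Radius, and it also applies to the radtest report earlier on this page, whose dump carries an all-zero Message-Authenticator value. It assumes .NET 5 or later and covers Access-Request packets only; the class and method names are illustrative.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
static class MessageAuthenticatorCheck
{
    // Offset of the 16-byte Message-Authenticator (type 80) value, or -1 if absent or malformed.
    static int FindValueOffset(byte[] packet)
    {
        if (packet.Length < 20) return -1;
        int length = (packet[2] << 8) | packet[3];            // length field of the RADIUS header
        if (length < 20 || length > packet.Length) return -1;
        for (int pos = 20; pos + 2 <= length; pos += packet[pos + 1])
        {
            int attrLength = packet[pos + 1];
            if (attrLength < 2 || pos + attrLength > length) return -1;
            if (packet[pos] == 80) return attrLength == 18 ? pos + 2 : -1;
        }
        return -1;
    }
    // HMAC-MD5, keyed with the shared secret, over the Access-Request with that value zeroed.
    static byte[] Compute(byte[] packet, int valueOffset, string secret)
    {
        var copy = new byte[(packet[2] << 8) | packet[3]];
        Array.Copy(packet, copy, copy.Length);
        Array.Clear(copy, valueOffset, 16);
        using var hmac = new HMACMD5(Encoding.UTF8.GetBytes(secret));
        return hmac.ComputeHash(copy);
    }
    public static bool Verify(byte[] packet, string secret)
    {
        int offset = FindValueOffset(packet);
        if (offset < 0) return false;   // attribute absent: nothing ties this request to the secret
        return CryptographicOperations.FixedTimeEquals(
            Compute(packet, offset, secret), packet.AsSpan(offset, 16));
    }

    static void Main()
    {
        // Packet 224 as dumped in the radtest report (Message-Authenticator value all zeros).
        var packet = Convert.FromHexString(
            "01e00050" + "b12b2bc26bd8156b7b962b27e0fd924a" + "010675736572" +
            "0212503043021b6fdb74b3b81454c790a640" + "04067f000101" + "050600000714" +
            "5012" + new string('0', 32) + "070600000001");
        Console.WriteLine(Verify(packet, "12345"));           // the dump as posted
        int at = FindValueOffset(packet);
        Compute(packet, at, "12345").CopyTo(packet, at);      // sign as a client holding 12345 would
        Console.WriteLine(Verify(packet, "12345"));           // matching secret
        Console.WriteLine(Verify(packet, "wrong-secret"));    // mismatched secret
    }
}
```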

Vendors for the dictionary

Could you explain your vendor format? I'm looking to add some vendors to my file, but I'm seeing differences from the files I have. I'm using ones from WireShark, but they look like they came from FreeRadius. I'm looking at Cisco vendor 9 as an example. Not everything is included in your file. Some of the names match up and some have cisco- in front when it doesn't in the freeradius file. Casing is different. Are values not put in your file?

To me, this looks to be the format:

# VendorId 25053
VendorSpecificAttribute	25053	1	Ruckus-User-Groups	string

This is the file I want to use.

# -*- text -*-
# Copyright (C) 2015 The FreeRADIUS Server project and contributors
#
#	Ruckus Wireless, Inc. dictionary
#
#

VENDOR		Ruckus				25053

BEGIN-VENDOR	Ruckus

# Value Format:    group_attr1,group_attr2,...
ATTRIBUTE	Ruckus-User-Groups			1	string
ATTRIBUTE	Ruckus-Sta-RSSI				2	integer
ATTRIBUTE	Ruckus-SSID				3	string
ATTRIBUTE	Ruckus-Wlan-Id				4	integer
ATTRIBUTE	Ruckus-Location				5	string
ATTRIBUTE	Ruckus-Grace-Period			6	integer
ATTRIBUTE	Ruckus-SCG-CBlade-IP			7	integer
ATTRIBUTE	Ruckus-SCG-DBlade-IP			8	integer
ATTRIBUTE	Ruckus-VLAN-ID				9	integer
ATTRIBUTE	Ruckus-Sta-Expiration			10	integer # not used by AP anymore. Please check SCG-33602
ATTRIBUTE	Ruckus-Sta-UUID				11	string
ATTRIBUTE	Ruckus-Accept-Enhancement-Reason	12	integer
ATTRIBUTE	Ruckus-Sta-Inner-Id			13	string
ATTRIBUTE	Ruckus-BSSID				14	octets

ATTRIBUTE	Ruckus-WSG-User				10	string

ATTRIBUTE	Ruckus-Triplets				101	octets
ATTRIBUTE	Ruckus-IMSI				102	octets
ATTRIBUTE	Ruckus-MSISDN				103	octets
ATTRIBUTE	Ruckus-APN-NI				104	string
ATTRIBUTE	Ruckus-QoS				105	octets
ATTRIBUTE	Ruckus-Selection-Mode			106	integer
ATTRIBUTE	Ruckus-APN-Resolution-Req		107	integer
ATTRIBUTE	Ruckus-Start-Time			108	octets
ATTRIBUTE	Ruckus-NAS-Type				109	integer
ATTRIBUTE	Ruckus-Status				110	integer
ATTRIBUTE	Ruckus-APN-OI				111	string
ATTRIBUTE	Ruckus-Auth-Type			112	integer
ATTRIBUTE	Ruckus-Gn-User-Name			113	string
ATTRIBUTE	Ruckus-Brand-Code			114	string
ATTRIBUTE	Ruckus-Policy-Name			115	string
ATTRIBUTE	Ruckus-Client-Local-IP			116	ipaddr
ATTRIBUTE	Ruckus-SGSN-IP				117	ipaddr
ATTRIBUTE	Ruckus-Charging-Charac			118	octets
ATTRIBUTE	Ruckus-PDP-Type				119	octets
ATTRIBUTE	Ruckus-Dynamic-Address-Flag		120	octets
ATTRIBUTE	Ruckus-ChCh-Selection-Mode		121	octets
ATTRIBUTE	Ruckus-AAA-IP				122	ipaddr
ATTRIBUTE	Ruckus-CDR-TYPE				123	integer
ATTRIBUTE	Ruckus-SGSN-Number			124	octets
ATTRIBUTE	Ruckus-Session-Type			125	integer
ATTRIBUTE	Ruckus-Accounting-Status		126	integer
ATTRIBUTE	Ruckus-Zone-Id				127	string
ATTRIBUTE	Ruckus-Auth-Server-Id			128	string
ATTRIBUTE	Ruckus-Utp-Id				129	string
ATTRIBUTE	Ruckus-Area-Code			130	octets
ATTRIBUTE	Ruckus-Cell-Identifier			131	octets
ATTRIBUTE	Ruckus-Wispr-Redirect-Policy		132	string
ATTRIBUTE	Ruckus-Eth-Profile-Id			133	integer
ATTRIBUTE	Ruckus-Zone-Name			134	string
ATTRIBUTE	Ruckus-Wlan-Name			135	string

#
#  Integer Translations
#

#  Ruckus-Selection-Mode Values

VALUE	Ruckus-Selection-Mode		Subscribed		0
VALUE	Ruckus-Selection-Mode		SentByMS		1
VALUE	Ruckus-Selection-Mode		ChosenBySGSN		2

#  Ruckus-APN-Resolution-Req Values

VALUE	Ruckus-APN-Resolution-Req	NotRequired		0
VALUE	Ruckus-APN-Resolution-Req	Required		1

#  Ruckus-Status Values

VALUE	Ruckus-Status			Success			0
VALUE	Ruckus-Status			Failure			1

#  Ruckus-Auth-Type Values

VALUE	Ruckus-Auth-Type		PPP-SIM			1
VALUE	Ruckus-Auth-Type		DummyIMSI		2
VALUE	Ruckus-Auth-Type		SoftSIM			3
VALUE	Ruckus-Auth-Type		RadiusSIM		4
VALUE	Ruckus-Auth-Type		Postpaid		5
VALUE	Ruckus-Auth-Type		Prepaid			6
VALUE	Ruckus-Auth-Type		LocalRadius		7
VALUE	Ruckus-Auth-Type		ProxyRadius		8
VALUE	Ruckus-Auth-Type		Voucher			9
VALUE	Ruckus-Auth-Type		EAP-SIM			10

# Ruckus-Session-Type Values
# Updated as per SCG2.1
#Value (1) No more valid for SCG2.1
VALUE	Ruckus-Session-Type		TTG			2
VALUE	Ruckus-Session-Type		Local-Breakout		3
VALUE	Ruckus-Session-Type		Local-Breakout-AP	4
VALUE	Ruckus-Session-Type		L3GRE			5
VALUE	Ruckus-Session-Type		L2GRE			6
VALUE	Ruckus-Session-Type		QinQL3			7
VALUE	Ruckus-Session-Type		PMIP			8

#RUCKUS-NAS_Type

VALUE	Ruckus-NAS-Type			SCG			1
VALUE	Ruckus-NAS-Type			Others			2

#Ruckus-Accounting-Status
VALUE	Ruckus-Accounting-Status	Accounting-On		1
VALUE	Ruckus-Accounting-Status	Accounting-Off		0

END-VENDOR Ruckus
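
A converter from the FreeRADIUS layout to the one-line-per-attribute layout inferred in the post above, as an added example that is not code from the project. The output format is taken from the sample line in the post and is an assumption, type names are passed through unchanged, and the class and method names are illustrative; it also flags attribute codes defined twice within a vendor, as code 10 is in the posted file.

```csharp
using System;
using System.Collections.Generic;
static class FreeRadiusVendorConverter
{
    // Emits one "VendorSpecificAttribute" line per FreeRADIUS ATTRIBUTE inside a vendor block.
    public static List<string> ConvertVendor(IEnumerable<string> lines, List<string> warnings)
    {
        var vendorIds = new Dictionary<string, string>();   // vendor name -> vendor id
        var seen = new Dictionary<string, string>();        // "vendorId/code" -> first attribute name
        var output = new List<string>();
        string vendor = null;
        foreach (var raw in lines)
        {
            int hash = raw.IndexOf('#');                    // drop full-line and trailing comments
            var f = (hash < 0 ? raw : raw.Substring(0, hash))
                .Split(new[] { ' ', '\t' }, StringSplitOptions.RemoveEmptyEntries);
            if (f.Length == 0) continue;
            if (f[0] == "VENDOR" && f.Length >= 3) vendorIds[f[1]] = f[2];
            else if (f[0] == "BEGIN-VENDOR" && f.Length >= 2) vendor = f[1];
            else if (f[0] == "END-VENDOR") vendor = null;
            else if (f[0] == "ATTRIBUTE" && f.Length >= 4)
            {
                if (vendor == null || !vendorIds.TryGetValue(vendor, out var id))
                {
                    warnings.Add($"{f[1]}: not inside a known vendor block, skipped");
                    continue;
                }
                if (seen.TryGetValue(id + "/" + f[2], out var first))
                    warnings.Add($"code {f[2]} is used by both {first} and {f[1]}");
                else
                    seen[id + "/" + f[2]] = f[1];
                output.Add(string.Join("\t", "VendorSpecificAttribute", id, f[2], f[1], f[3]));
            }
            // VALUE lines (integer translations) have no counterpart in the assumed format: ignored.
        }
        return output;
    }
    static void Main()
    {
        // A few lines taken from the Ruckus dictionary in the post above.
        var sample = new[] { "VENDOR\t\tRuckus\t\t\t\t25053", "BEGIN-VENDOR\tRuckus",
            "ATTRIBUTE\tRuckus-User-Groups\t1\tstring",
            "ATTRIBUTE\tRuckus-Sta-Expiration\t10\tinteger # not used by AP anymore.",
            "ATTRIBUTE\tRuckus-WSG-User\t10\tstring", "VALUE\tRuckus-Status\tSuccess\t0",
            "END-VENDOR Ruckus" };
        var warnings = new List<string>();
        foreach (var line in ConvertVendor(sample, warnings)) Console.WriteLine(line);
        foreach (var w in warnings) Console.Error.WriteLine("warning: " + w);
    }
}
```

Both attributes with a duplicated code are still written out, so the warning list should be reviewed before the generated file is loaded.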
