vforteli / flexinets.radius.radiusserver Goto Github PK
View Code? Open in Web Editor NEWRadius server for .Net. Packets handled in pluggable IPacketHandlers
License: MIT License
Radius server for .Net. Packets handled in pluggable IPacketHandlers
License: MIT License
Thanks for the interesting project.
I wonder if there's a current example of running a server available? The example in readme.md doesn't seem to work anymore as the code library has changed.
I need a way to modify the list of IPs that are being watched while the server is running. I don't think this is currently possible.
I was thinking that there could be a handler for checking if an IP address is valid. It could just return a bool
for accept or reject. Ideally I could just hit my own cache to get the list of valid IPs instead of the internal one. I'll be using a Redis server I think. I think I just need to implement HandlePacket
on my own.
If I'm venturing too far off your vision of this project, I can always write this myself, or even submit a pull request if you want. This library (not including the other 2) is pretty manageable.
Could you explain your vendor format? I'm looking to add some vendors to my file, but I'm seeing differences from the files I have. I'm using ones from WireShark, but they look like they came from FreeRadius. I'm looking at Cisco vendor 9 as an example. Not everything is included in your file. Some of the names match up and some have cisco- in front when it doesn't in the freeradius file. Casing is different. Are values not put in your file?
To me, this looks to be the format:
# VendorId 25053
VendorSpecificAttribute 25053 1 Ruckus-User-Groups string
This is the file I want to use.
# -*- text -*-
# Copyright (C) 2015 The FreeRADIUS Server project and contributors
#
# Ruckus Wireless, Inc. dictionary
#
#
VENDOR Ruckus 25053
BEGIN-VENDOR Ruckus
# Value Format: group_attr1,group_attr2,...
ATTRIBUTE Ruckus-User-Groups 1 string
ATTRIBUTE Ruckus-Sta-RSSI 2 integer
ATTRIBUTE Ruckus-SSID 3 string
ATTRIBUTE Ruckus-Wlan-Id 4 integer
ATTRIBUTE Ruckus-Location 5 string
ATTRIBUTE Ruckus-Grace-Period 6 integer
ATTRIBUTE Ruckus-SCG-CBlade-IP 7 integer
ATTRIBUTE Ruckus-SCG-DBlade-IP 8 integer
ATTRIBUTE Ruckus-VLAN-ID 9 integer
ATTRIBUTE Ruckus-Sta-Expiration 10 integer # not used by AP anymore. Please check SCG-33602
ATTRIBUTE Ruckus-Sta-UUID 11 string
ATTRIBUTE Ruckus-Accept-Enhancement-Reason 12 integer
ATTRIBUTE Ruckus-Sta-Inner-Id 13 string
ATTRIBUTE Ruckus-BSSID 14 octets
ATTRIBUTE Ruckus-WSG-User 10 string
ATTRIBUTE Ruckus-Triplets 101 octets
ATTRIBUTE Ruckus-IMSI 102 octets
ATTRIBUTE Ruckus-MSISDN 103 octets
ATTRIBUTE Ruckus-APN-NI 104 string
ATTRIBUTE Ruckus-QoS 105 octets
ATTRIBUTE Ruckus-Selection-Mode 106 integer
ATTRIBUTE Ruckus-APN-Resolution-Req 107 integer
ATTRIBUTE Ruckus-Start-Time 108 octets
ATTRIBUTE Ruckus-NAS-Type 109 integer
ATTRIBUTE Ruckus-Status 110 integer
ATTRIBUTE Ruckus-APN-OI 111 string
ATTRIBUTE Ruckus-Auth-Type 112 integer
ATTRIBUTE Ruckus-Gn-User-Name 113 string
ATTRIBUTE Ruckus-Brand-Code 114 string
ATTRIBUTE Ruckus-Policy-Name 115 string
ATTRIBUTE Ruckus-Client-Local-IP 116 ipaddr
ATTRIBUTE Ruckus-SGSN-IP 117 ipaddr
ATTRIBUTE Ruckus-Charging-Charac 118 octets
ATTRIBUTE Ruckus-PDP-Type 119 octets
ATTRIBUTE Ruckus-Dynamic-Address-Flag 120 octets
ATTRIBUTE Ruckus-ChCh-Selection-Mode 121 octets
ATTRIBUTE Ruckus-AAA-IP 122 ipaddr
ATTRIBUTE Ruckus-CDR-TYPE 123 integer
ATTRIBUTE Ruckus-SGSN-Number 124 octets
ATTRIBUTE Ruckus-Session-Type 125 integer
ATTRIBUTE Ruckus-Accounting-Status 126 integer
ATTRIBUTE Ruckus-Zone-Id 127 string
ATTRIBUTE Ruckus-Auth-Server-Id 128 string
ATTRIBUTE Ruckus-Utp-Id 129 string
ATTRIBUTE Ruckus-Area-Code 130 octets
ATTRIBUTE Ruckus-Cell-Identifier 131 octets
ATTRIBUTE Ruckus-Wispr-Redirect-Policy 132 string
ATTRIBUTE Ruckus-Eth-Profile-Id 133 integer
ATTRIBUTE Ruckus-Zone-Name 134 string
ATTRIBUTE Ruckus-Wlan-Name 135 string
#
# Integer Translations
#
# Ruckus-Selection-Mode Values
VALUE Ruckus-Selection-Mode Subscribed 0
VALUE Ruckus-Selection-Mode SentByMS 1
VALUE Ruckus-Selection-Mode ChosenBySGSN 2
# Ruckus-APN-Resolution-Req Values
VALUE Ruckus-APN-Resolution-Req NotRequired 0
VALUE Ruckus-APN-Resolution-Req Required 1
# Ruckus-Status Values
VALUE Ruckus-Status Success 0
VALUE Ruckus-Status Failure 1
# Ruckus-Auth-Type Values
VALUE Ruckus-Auth-Type PPP-SIM 1
VALUE Ruckus-Auth-Type DummyIMSI 2
VALUE Ruckus-Auth-Type SoftSIM 3
VALUE Ruckus-Auth-Type RadiusSIM 4
VALUE Ruckus-Auth-Type Postpaid 5
VALUE Ruckus-Auth-Type Prepaid 6
VALUE Ruckus-Auth-Type LocalRadius 7
VALUE Ruckus-Auth-Type ProxyRadius 8
VALUE Ruckus-Auth-Type Voucher 9
VALUE Ruckus-Auth-Type EAP-SIM 10
# Ruckus-Session-Type Values
# Updated as per SCG2.1
#Value (1) No more valid for SCG2.1
VALUE Ruckus-Session-Type TTG 2
VALUE Ruckus-Session-Type Local-Breakout 3
VALUE Ruckus-Session-Type Local-Breakout-AP 4
VALUE Ruckus-Session-Type L3GRE 5
VALUE Ruckus-Session-Type L2GRE 6
VALUE Ruckus-Session-Type QinQL3 7
VALUE Ruckus-Session-Type PMIP 8
#RUCKUS-NAS_Type
VALUE Ruckus-NAS-Type SCG 1
VALUE Ruckus-NAS-Type Others 2
#Ruckus-Accounting-Status
VALUE Ruckus-Accounting-Status Accounting-On 1
VALUE Ruckus-Accounting-Status Accounting-Off 0
END-VENDOR Ruckus
I want to find C # development of the radius server, do you have?
When using radtest, which is a test tool that comes with FreeRadius, I get an exception System.InvalidOperationException: Invalid Message-Authenticator in packet 224
.
$ radtest user password localhost 1812 0 12345
Received packet from 127.0.0.1:56039, Concurrent handlers count: 1
Failed to receive packet from 127.0.0.1:56039
System.InvalidOperationException: Invalid Message-Authenticator in packet 224
at Flexinets.Radius.Core.RadiusPacket.Parse(Byte[] packetBytes, IRadiusDictionary dictionary, Byte[] sharedSecret)
at Flexinets.Radius.RadiusServer.GetResponsePacket(IPacketHandler packetHandler, String sharedSecret, Byte[] packetBytes, IPEndPoint remoteEndpoint)
at Flexinets.Radius.RadiusServer.HandlePacket(IPEndPoint remoteEndpoint, Byte[] packetBytes)
01e00050b12b2bc26bd8156b7b962b27e0fd924a0106757365720212503043021b6fdb74b3b81454c790a64004067f000101050600000714501200000000000000000000000000000000070600000001
Hi,
I've added a packet handler with a shared secret and everythings works fine.
When I change the shared secret on my test client the handler is still triggered. The secret for the handler is not checked against the secret the client sends and the request triggers the handler.
Is this intended or a bug?
Is there an option to dismiss a request, when the shared secret is not matching?
Is it possible to get the shared secret which is sent in the clients request?
Thanks
Can I authenticate VPN?
Thank you.
What is the recommended way to add handlers if this way is obsolete?
I have a radius server running on both a Windows server and a Linux server. On both of them I'm able to hit the server and get a response while on the server. On Windows I'm using NTRadPing and on Linux I'm using radtest (from freeradius). When trying to hit the server from outside of the hosted servers, the radius server nets gets the request.
I thought this was happening because of ports being blocked. I setup a freeradius server though, and I'm able to hit it just fine and it responds properly, so it has something to do with the RadiusServer code, or my code.
Do you have any clue what could be causing this?
I'd really like to use this library for a very lightweight radius server, and have it seamlessly integrated into the other apps that work with it.
Program.cs
using System;
using System.IO;
using System.Net;
using System.Reflection;
using Flexinets.Net;
using Flexinets.Radius;
using Flexinets.Radius.Core;
namespace InfinitWifi.RadiusServer
{
class Program
{
static void Main(string[] args)
{
var ip = "the servers external ip address";
var dictionaryPath = Path.Combine(Path.GetDirectoryName(Assembly.GetExecutingAssembly().Location), "radius.dictionary");
var dictionary = new RadiusDictionary(dictionaryPath);
var localEndpoint = new IPEndPoint(IPAddress.Any, 1812);
var server = new Flexinets.Radius.RadiusServer(new UdpClientFactory(), localEndpoint, dictionary, RadiusServerType.Authentication);
var packetHandler = new PacketHandler();
server.AddPacketHandler(IPAddress.Parse(ip), "12345", packetHandler);
server.Start();
Console.WriteLine($"Listening on ip '{ip}'.");
Console.ReadKey();
}
}
}
PacketHandler.cs
using Flexinets.Radius.Core;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
namespace InfinitWifi.RadiusServer
{
public class PacketHandler : IPacketHandler
{
public IRadiusPacket HandlePacket(IRadiusPacket packet)
{
return packet.CreateResponsePacket(PacketCode.AccessAccept);
}
public void Dispose()
{
}
}
}
Set proper calculated request authenticator in new accounting request packets. Currently set as in access request packets.
Request authenticator should be validated when parsing accounting request packets from bytes.
Possible modifications needed for supporting RadSec (Radius over TCP with or without TLS)
hi
you can help me for EAP handler ?
on this mode only find 'EAP-Message' and 'Message-Authenticator' attributes and when return packet.CreateResponsePacket(PacketCode.AccessAccept) not accept and need encryption
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.