Command: radiusd_ipcp | Section: 8 | Source: OpenBSD | File: radiusd_ipcp.8
RADIUSD_IPCP(8) FreeBSD System Manager's Manual RADIUSD_IPCP(8)
NAME
radiusd_ipcp - provides IP configuration and manages IP address pool
SYNOPSIS
radiusd_ipcp
DESCRIPTION
The radiusd_ipcp module is executed by radiusd(8) as a module to provide
IP configuration through RADIUS Access-Accept messages and manages the IP
address pool through RADIUS accounting messages. The internal sessions
can be shown or monitored by radiusctl(8). radiusd_ipcp also provides
session timeouts and disconnects requested by radiusctl(8) through the
Dynamic Authorization Extension (DAE, RFC 5176).
CONFIGURATIONS
To use the radiusd_ipcp module, it should be configured as a decoration
module of the authentication and as an accounting module.
    authenticate * by (any auth module) decorate-by ipcp
    account * to ipcp
The radiusd_ipcp module supports the following configuration keys and
values:
address pool address-space ...
        Specify the IP address spaces that are pooled. The address-space
        can be specified by an address range (e.g.
        192.168.1.1-192.168.1.199) or an address mask (e.g.
        192.168.1.0/24). The pooled addresses are used for dynamic
        assignment.
address static address-space ...
        Specify the IP address spaces that are pooled for static
        assignment. The address-space uses the same syntax as address
        pool, above.
name-server primary-address [secondary-address]
        Specify the DNS servers' IP addresses.
netbios-server primary-address [secondary-address]
        Specify the NetBIOS name servers' IP addresses.
session-timeout seconds | "radius"
        Specify the session-timeout in seconds, or "radius".
        radiusd_ipcp disconnects the session through DAE at the specified
        time after starting. When "radius" is specified, the value of
        the Session-Timeout attribute in Access-Accept is used for the
        timeout. A dae server must be configured to use this option.
dae server address[:port] secret [nas-id]
        Configure a DAE server to which radiusd_ipcp sends disconnection
        requests for sessions. Specify the address, optionally the port
        number, and the secret. If the optional nas-id is specified, the
        server is selected only for sessions whose NAS-Identifier matches
        the specified value. The default port number is 3799.
max-sessions number
        Specify the maximum number of sessions. `0' means no limit. The
        default value is 0.
user-max-sessions number
        Specify the maximum number of sessions per user. `0' means no
        limit. The default value is 0.
start-wait seconds
        Specify the number of seconds to wait for the RADIUS Accounting
        Start for the session after Access-Accept. radiusd_ipcp preserves
        the assigned IP address for that period. The default value is 60
        seconds.
FILES
/usr/libexec/radiusd/radiusd_ipcp "ipcp" module executable.
EXAMPLES
An example with radiusd_ipcp working with npppd(8):
/etc/radiusd.conf:

    listen on 127.0.0.1
    listen on 127.0.0.1 accounting
    client 127.0.0.1/32 {
        secret "SECRET"
    }
    module radius {
        set secret "SECRET2"
        set server 192.168.0.4:1812
    }
    module ipcp {
        set address pool 192.168.1.0/24
        set name-server 192.168.0.4
        set max-sessions 128
        set user-max-sessions 2
        set dae server 127.0.0.1 "SECRET3"
        set session-timeout radius
    }
    authenticate * by radius decorate-by ipcp
    account * to ipcp

/etc/npppd/npppd.conf:

    tunnel L2TP protocol l2tp {
        listen on 192.0.2.51
    }
    ipcp IPCP {
        pool-address 192.168.1.2-192.168.1.255 for dynamic
    }
    interface pppac0 address 192.168.1.1 ipcp IPCP
    authentication RADIUS type radius {
        authentication-server {
            address 127.0.0.1 secret "SECRET"
        }
        accounting-server {
            address 127.0.0.1 secret "SECRET"
        }
    }
    bind tunnel from L2TP authenticated by RADIUS to pppac0
    radius dae listen on 127.0.0.1
    radius dae client 127.0.0.1 secret "SECRET3"
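
A configuration check for the keys described under CONFIGURATIONS, added here as an example and not part of the OpenBSD manual or the radiusd source. It reports a session-timeout with no dae server, session limits left at 0, and the raw size of the pooled address spaces. It assumes the module is declared as `module ipcp { ... }` with `set` lines as in the example above; the function names and the sample block are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: session-timeout is set but no "dae server" is configured.
SAMPLE = '''
module ipcp {
    set address pool 192.168.1.0/24 10.0.0.1-10.0.0.20
    set max-sessions 0
    set user-max-sessions 2
    set session-timeout 3600
}
'''

def parse_ipcp(conf):
    """Return {key: [value tokens, ...]} for 'set' lines in 'module ipcp { }'."""
    m = re.search(r'module\s+ipcp\s*\{(.*?)\}', conf, re.S)
    keys = {}
    for line in (m.group(1) if m else '').splitlines():
        tok = line.split()
        if len(tok) >= 3 and tok[0] == 'set':
            # "address pool", "address static" and "dae server" are two-word keys
            n = 3 if tok[1] in ('address', 'dae') else 2
            keys.setdefault(' '.join(tok[1:n]), []).append(tok[n:])
    return keys

def space_size(spec):
    """Raw address count of an address-space given as a range or a mask.
    Whether the module excludes any address of the space is not stated on the page."""
    if '-' in spec:
        lo, hi = (ipaddress.IPv4Address(a) for a in spec.split('-'))
        if hi < lo:
            raise ValueError('reversed range: ' + spec)
        return int(hi) - int(lo) + 1
    return ipaddress.IPv4Network(spec, strict=False).num_addresses

def lint(conf):
    """Return (findings, number of addresses in all 'address pool' spaces)."""
    keys, findings = parse_ipcp(conf), []
    # The manual requires a dae server for session-timeout to take effect.
    if 'session-timeout' in keys and 'dae server' not in keys:
        findings.append('session-timeout set but no dae server configured')
    # Both limits default to 0, which the manual defines as "no limit".
    for k in ('max-sessions', 'user-max-sessions'):
        if int(keys.get(k, [['0']])[-1][0]) == 0:
            findings.append(k + ' is 0 (no limit)')
    pooled = sum(space_size(s) for v in keys.get('address pool', []) for s in v)
    return findings, pooled

if __name__ == '__main__':
    print(lint(SAMPLE))
```
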
SEE ALSO
authenticate(3), radiusd.conf(5), npppd(8), radiusctl(8), radiusd(8)
HISTORY
The radiusd_ipcp module first appeared in OpenBSD 7.6.
FreeBSD 14.1-RELEASE-p8 August 7, 2024 FreeBSD 14.1-RELEASE-p8