Change between FreeRadius 2.2.5 to 3.0.17 in Filter ?

Olivier CALVANO
Hi,

I am testing an update of my old FreeRadius 2.2.5 to 3.0.17, included
in CentOS 8.

In a filter, I have an error that I don't have in 2.2.5:


(6)       if ((Tunnel-Server-Endpoint:0[0] != '192.168.1.96') && (User-Name
=~ /\\.internal-lan\\.ftth/) && ("%{Packet-Src-IP-Address}" ==
"192.168.90.58")) {
(6)       ERROR: Failed retrieving values required to evaluate condition
(6)       elsif ((Tunnel-Server-Endpoint:0[0] != '192.168.1.96') &&
(User-Name =~ /\\.internal-lan\\.ftth/) && ("%{Packet-Src-IP-Address}" ==
"192.168.90.59")) {
(6)       ERROR: Failed retrieving values required to evaluate condition
(6)       elsif ((Tunnel-Server-Endpoint:0[0] != '192.168.1.96') &&
(User-Name =~ /\\.internal-lan\\.ftth/) && ("%{Packet-Src-IP-Address}" ==
"192.168.90.74")) {
(6)       ERROR: Failed retrieving values required to evaluate condition
(6)       elsif ((Tunnel-Server-Endpoint:0[0] != '192.168.1.96') &&
(User-Name =~ /\\.internal-lan\\.ftth/) && ("%{Packet-Src-IP-Address}" ==
"192.168.90.208")) {
(6)       ERROR: Failed retrieving values required to evaluate condition



Example of my config entry:

        if ((Tunnel-Server-Endpoint:0[0] != '192.168.1.96') && (User-Name
=~ /\\.internal-lan\\.ftth/) && ("%{Packet-Src-IP-Address}" ==
"192.168.90.58")) {
                update reply {
                        tunnel-Server-Endpoint:0 := '192.168.1.96'
                        tunnel-Client-Auth-Id:0 := "POP-192.168.1.96"
                        tunnel-Server-Auth-Id:0 := "POP-192.168.1.96"
                        Tunnel-Type := "L2TP"
                        Tunnel-Medium-Type := "IPv4"
                        Class := "FTTH-PRO-DL1000m500k-UL300m500k"
                        Tunnel-Preference !* ANY
                        Framed-MTU !* ANY
                        Cisco-AVPair !* ANY
                        MS-Primary-DNS-Server !* ANY
                        MS-Secondary-DNS-Server !* ANY
                        Framed-IP-Address !* ANY
                        Framed-IP-Netmask !* ANY
                        Service-Type !* ANY
                        Framed-Protocol !* ANY
                }
        }


Is there a syntax change in FreeRadius 3.x?


thanks
Olivier
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Change between FreeRadius 2.2.5 to 3.0.17 in Filter ?

Peter Lambrechtsen-4
Are you sure the Tunnel-Server-Endpoint hasn’t changed?? That may have been
set as a tagged vsa or not.
I would just try

Tunnel-Server-Endpoint:0

And drop the [0]


Re: Change between FreeRadius 2.2.5 to 3.0.17 in Filter ?

Alan DeKok-2
In reply to this post by Olivier CALVANO
On Jun 22, 2020, at 12:07 AM, Olivier CALVANO <[hidden email]> wrote:
> Example of my config entry:
>
>        if ((Tunnel-Server-Endpoint:0[0] != '192.168.1.96') && (User-Name
> =~ /\\.internal-lan\\.ftth/) && ("%{Packet-Src-IP-Address}" ==
> "192.168.90.58")) {

  You should just use:

        if ((Tunnel-Server-Endpoint:0[0] != 192.168.1.96) && (User-Name =~ /\\.internal-lan\\.ftth/) && (Packet-Src-IP-Address == 192.168.90.58)) {

> Is there a syntax change in FreeRadius 3.x?

  v3 is more picky about what it accepts.

  Alan DeKok.



Re: Change between FreeRadius 2.2.5 to 3.0.17 in Filter ?

Alan Buxey
In reply to this post by Olivier CALVANO
hi,

have you chosen the correct backslashes option in the main config file?

alan

Re: Change between FreeRadius 2.2.5 to 3.0.17 in Filter ?

Olivier CALVANO
In reply to this post by Alan DeKok-2
On Mon, 22 Jun 2020 at 13:29, Alan DeKok <[hidden email]> wrote:

> On Jun 22, 2020, at 12:07 AM, Olivier CALVANO <[hidden email]> wrote:
> >        if ((Tunnel-Server-Endpoint:0[0] != '192.168.1.96') && (User-Name
> > =~ /\\.internal-lan\\.ftth/) && ("%{Packet-Src-IP-Address}" ==
> > "192.168.90.58")) {
>
>   You should just use:
>
>         if ((Tunnel-Server-Endpoint:0[0] != 192.168.1.96) && (User-Name =~
> /\\.internal-lan\\.ftth/) && (Packet-Src-IP-Address == 192.168.90.58)) {
>
>
Same errors:

(0)       if ((Tunnel-Server-Endpoint:0[0] != '192.168.1.96') && (User-Name
=~ /\\.internal-lan\\.ftth/) && (Packet-Src-IP-Address == 192.168.90.58))
(0)       ERROR: Failed retrieving values required to evaluate condition


When I start without ' in the IP, it doesn't start.

Re: Change between FreeRadius 2.2.5 to 3.0.17 in Filter ?

Olivier CALVANO
In reply to this post by Alan Buxey
In radius.conf?

I have:

#
#  correct_escapes: use correct backslash escaping
#
#  Prior to version 3.0.5, the handling of backslashes was a little
#  awkward, i.e. "wrong".  In some cases, to get one backslash into
#  a regex, you had to put 4 in the config files.
#
#  Version 3.0.5 fixes that.  However, for backwards compatibility,
#  the new method of escaping is DISABLED BY DEFAULT.  This means
#  that upgrading to 3.0.5 won't break your configuration.
#
#  If you don't have double backslashes (i.e. \\) in your configuration,
#  this won't matter to you.  If you do have them, fix that to use only
#  one backslash, and then set "correct_escapes = true".
#
#  You can check for this by doing:
#
#       $ grep '\\\\' $(find raddb -type f -print)
#
correct_escapes = true


On Mon, 22 Jun 2020 at 15:02, Alan Buxey <[hidden email]> wrote:

> hi,
>
> have you chosen the correct backslashes option in the main config file?
>
> alan

Re: Change between FreeRadius 2.2.5 to 3.0.17 in Filter ?

Alan Buxey
hi,


> In radius.conf ?

yes


> #  If you don't have double backslashes (i.e. \\) in your configuration,
> #  this won't matter to you.  If you do have them, fix that to use only
> #  one backslash, and then set "correct_escapes = true".

read that bit again.

> #
> #  You can check for this by doing:
> #
> #       $ grep '\\\\' $(find raddb -type f -print)
> #
> correct_escapes = true

you have set this to true but are still using a backslash to escape backslashes.

there are also some other changes from v2 to v3 (many of which I've
forgotten since I moved to version 3 over 6 years ago) - but several
of the unlang elements should be pointing to '&' versions of the
attributes... look at the provided default config stuff and unlang
man page to check your comparisons.

cheers

alan
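
An added example, not part of any post in this thread and not FreeRADIUS project code: a small Python check for the mismatch Alan Buxey points out, where correct_escapes is set to true while regexes in the policy still use doubled backslashes. The sample configuration and policy text are constructed from the snippets quoted above; the function names and the accepted boolean spellings are assumptions.

```python
import re

# Constructed sample inputs, modelled on the snippets quoted in this thread.
SAMPLE_RADIUSD_CONF = '''\
#  one backslash, and then set "correct_escapes = true".
correct_escapes = true
'''
SAMPLE_POLICY = r'''
if ((Tunnel-Server-Endpoint:0[0] != '192.168.1.96') && (User-Name =~ /\\.internal-lan\\.ftth/)) {
}
# elsif (User-Name =~ /\\.old-lan\\.ftth/) {
elsif (User-Name =~ /\.other-lan\.ftth/) {
}
'''

# Uncommented "correct_escapes = <value>" lines only.
SETTING_RE = re.compile(r'^[ \t]*correct_escapes[ \t]*=[ \t]*(\S+)', re.M)
# Regex operand of =~ or !~ : /.../ where each "\x" pair is consumed together.
REGEX_RE = re.compile(r'[=!]~\s*/((?:\\.|[^/\\\n])*)/')
TRUE_VALUES = {"true", "yes", "on"}  # assumption: spellings treated as enabled


def correct_escapes_enabled(conf_text):
    """Return True if the last uncommented setting enables correct_escapes."""
    values = SETTING_RE.findall(conf_text)
    # The quoted comment says the new escaping is disabled by default.
    return bool(values) and values[-1].lower() in TRUE_VALUES


def find_double_backslashes(policy_text):
    """Return (line_number, regex_body) for regexes with a doubled backslash."""
    hits = []
    for lineno, line in enumerate(policy_text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # skip commented-out rules
        for body in REGEX_RE.findall(line):
            if "\\\\" in body:
                hits.append((lineno, body))
    return hits


def audit(conf_text, policy_text):
    """Doubled backslashes are only a finding once correct_escapes is enabled."""
    if not correct_escapes_enabled(conf_text):
        return []
    return find_double_backslashes(policy_text)


print(audit(SAMPLE_RADIUSD_CONF, SAMPLE_POLICY))
```

Each reported tuple is a line number and the regex body that still escapes the backslash itself.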

Re: Change between FreeRadius 2.2.5 to 3.0.17 in Filter ?

Alan DeKok-2
In reply to this post by Olivier CALVANO
On Jun 23, 2020, at 12:49 AM, Olivier CALVANO <[hidden email]> wrote:
> Same errors:
>
> (0)       if ((Tunnel-Server-Endpoint:0[0] != '192.168.1.96') && (User-Name
> =~ /\\.internal-lan\\.ftth/) && (Packet-Src-IP-Address == 192.168.90.58))
> (0)       ERROR: Failed retrieving values required to evaluate condition

  All that means is one of the attributes in the 'if' statement doesn't exist.

  i.e. it's not in the incoming packet.  Read the FULL debug log to see more.

> When I start without ' in the IP, it doesn't start.

  OK, that's fine then.

  Alan DeKok.


