Forum Discussion
nitass
Sep 08, 2013Employee
nat and joko are absolutely correct. i did a bit test joko's rule as below.
root@(ve11a)(cfg-sync Changes Pending)(Active)(/Common)(tmos) list ltm virtual bar
ltm virtual bar {
destination 172.28.20.111:1813
ip-protocol udp
mask 255.255.255.255
pool foo
profiles {
udp { }
}
rules {
nat_rule
}
source 0.0.0.0/0
source-address-translation {
type automap
}
vs-index 2
}
root@(ve11a)(cfg-sync Changes Pending)(Active)(/Common)(tmos) list ltm rule nat_rule
ltm rule nat_rule {
when CLIENT_DATA {
set secret "secret"
RADIUS::avp insert 8 "2.2.2.2" ip4
binary scan [UDP::payload] a1a1a2a16a* code id len auth attrs
set zero "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
set newauth [md5 "${code}${id}${len}${zero}${attrs}${secret}"]
UDP::payload replace 4 16 $newauth
}
when SERVER_DATA {
binary scan [UDP::payload] a1a1a2x16a* code id len attrs
set newrespauth [md5 "${code}${id}${len}${auth}${attrs}${secret}"]
UDP::payload replace 4 16 $newrespauth
}
}
test
[root@client1 ~] echo "Acct-Status-Type=1,NAS-IP-Address=1.1.1.1,Calling-Station-Id=1234567890" |radclient -c 1 172.28.20.111 acct secret
Received response ID 254, code 5, length = 20
root@(ve11a)(cfg-sync Changes Pending)(Active)(/Common)(tmos) list ltm virtual bar
ltm virtual bar {
destination 172.28.20.111:1813
ip-protocol udp
mask 255.255.255.255
pool foo
profiles {
udp { }
}
rules {
joko_rule
}
source 0.0.0.0/0
source-address-translation {
type automap
}
vs-index 2
}
root@(ve11a)(cfg-sync Changes Pending)(Active)(/Common)(tmos) list ltm rule joko_rule
ltm rule joko_rule {
when RULE_INIT {
set static::seckey "secret"
}
when CLIENT_DATA {
RADIUS::avp insert 8 "2.2.2.2" ip4
binary scan [UDP::payload] H2H2x2H32H* rad_code rad_pid rad_auth rad_attrs
set a "[binary format H*H*SH*H*a* $rad_code $rad_pid [UDP::payload length] 00000000000000000000000000000000 $rad_attrs $static::seckey]"
UDP::payload replace 4 16 [md5 $a]
}
when SERVER_DATA {
binary scan [UDP::payload] H2H2x18H* rad_code rad_pid rad_attrs
set b "[binary format H*H*SH*H*a* $rad_code $rad_pid [UDP::payload length] $rad_auth $rad_attrs $static::seckey]"
UDP::payload replace 4 16 [md5 $b]
}
}
test
[root@client1 ~] echo "Acct-Status-Type=1,NAS-IP-Address=1.1.1.1,Calling-Station-Id=1234567890" |radclient -c 1 172.28.20.111 acct secret
Received response ID 2, code 5, length = 20