mirror of https://github.com/hak5/openwrt-owl.git
hostapd: Settings for DAE/CoA server
hostapd supports "Dynamic Authorization Extensions", making it possible to forcibly disconnect a user by sending it a RADIUS "Disconnect-Request" packet. I've added three new variables to enable setting of the "radius_das_client" and "radius_das_port" variables in the hostapd configuration, which enable these extensions. * dae_client - IP of the client that can send disconnect requests * dae_secret - shared secret for DAE packets These are combined into the "radius_das_client" option in hostapd.conf To enable the server, both dae_client and dae_secret must be set. * dae_port - optional, default value is 3799 as specified in RFC 5176 Signed-off-by: Martijn van de Streek <martijn@vandestreek.net> SVN-Revision: 37734owl
parent
91f0b411f4
commit
9a22315ca4
|
@ -108,6 +108,13 @@ hostapd_set_bss_options() {
|
||||||
[ -n "$acct_port" ] && append "$var" "acct_server_port=$acct_port" "$N"
|
[ -n "$acct_port" ] && append "$var" "acct_server_port=$acct_port" "$N"
|
||||||
config_get acct_secret "$vif" acct_secret
|
config_get acct_secret "$vif" acct_secret
|
||||||
[ -n "$acct_secret" ] && append "$var" "acct_server_shared_secret=$acct_secret" "$N"
|
[ -n "$acct_secret" ] && append "$var" "acct_server_shared_secret=$acct_secret" "$N"
|
||||||
|
config_get dae_client "$vif" dae_client
|
||||||
|
config_get dae_secret "$vif" dae_secret
|
||||||
|
[ -n "$dae_client" -a -n "$dae_secret" ] && {
|
||||||
|
config_get dae_port "$vif" dae_port
|
||||||
|
append "$var" "radius_das_port=${dae_port:-3799}" "$N"
|
||||||
|
append "$var" "radius_das_client=$dae_client $dae_secret" "$N"
|
||||||
|
}
|
||||||
config_get nasid "$vif" nasid
|
config_get nasid "$vif" nasid
|
||||||
append "$var" "nas_identifier=$nasid" "$N"
|
append "$var" "nas_identifier=$nasid" "$N"
|
||||||
append "$var" "eapol_key_index_workaround=1" "$N"
|
append "$var" "eapol_key_index_workaround=1" "$N"
|
||||||
|
|
Loading…
Reference in New Issue