[IKEv2: Remote Access VPN] RADIUS Accounting


- Version: 0.2.b1-022 or later


If RADIUS Accounting service is enabled, Rockhopper sends two types of Accounting-Request messages to a RADIUS server.

  • START: When a VPN connection with a remote client is established, an Accounting-Request message including a STATUS-TYPE:START(1) attribute is sent.

    In addition, the following attributes are sent by default.

    • NAS-IP-Address or NAS-IPv6-Address
    • NAS-Port-Type: Virtual(5)
    • User-Name: EAP User ID or name.
    • Calling-Station-Id: remote-client's-IP:port (e.g.) 192.168.0.17:4500
    • Acct-Session-Id: A VPN's UID. This value is the same value you can see on Web Console.
    • Acct-Authentic: RADIUS(1) or Local(2)

  • STOP: When a VPN connection with a remote client is closed, an Accounting-Request message including a STATUS-TYPE:STOP(2) attribute is sent.

    Also, the following attributes are sent by default.

    • NAS-IP-Address or NAS-IPv6-Address
    • NAS-Port-Type: Virtual(5)
    • User-Name: EAP User ID or name.
    • Calling-Station-Id: remote-client's-IP:port
    • Acct-Session-Id: A VPN's UID.
    • Acct-Authentic: RADIUS(1) or Local(2)
    • Acct-Terminate-Cause
    • Acct-Session-Time
    • Acct-Input-Octets
    • Acct-Output-Octets
    • Acct-Input-Packets
    • Acct-Output-Packets
sample0

Enable and configure RADIUS service - RADIUS Client (NAS)


You can enable and setup RADIUS Client on Global Configuration tab of Web console.

- Global Configuration[Tab] > RADIUS[Tab] > Accounting[Tab]

  1. Check Enable RADIUS authentication.

  2. Setup RADIUS Server's Address.

    RADIUS Server's Address: IPv4 and 192.168.0.20.

  3. If needed, specify Source IP Address to send and receive RADIUS packets.

    Source IP Address: IPv4 and 192.168.0.10.

  4. Setup Shared Secret.

    Shared Secret: testing123.

  5. Save the global configuration.

If you want to configure a secondary RADIUS server, check Configure a Secondary RADIUS server and enter values similarly.


Configure standard attribute types sent to RADIUS server


By specifying standard attribute types sent to RADIUS server, Rockhopper can include additional attributes into each RADIUS Accouting-Request message.

- Web Console:Global Configuration[Tab] > RADIUS[Tab] > Accounting[Tab]

  1. Push Enable standard attribute type button and open Enable a New RADIUS Attribute Type (Accounting) dialog.

  2. Select Attribute Type and then push OK.

  3. Save the global configuration.

Standard attribute types supported by Rockhopper:

Attribute Type Value Description
NAS-Identifier Any string Send a specified string as a NAS-Identifier attribute. [RFC2865]
NAS-Identifier-IKEv2-ID enable or disable Send a gateway(NAS)'s IKEv2 ID as a NAS-Identifier attribute. [RFC2865] (e.g. gateway1.example.com)
Connect-Info Any string Send a Connect-Info attribute. [RFC2869]



Configure additional settings.


- Web Console:Global Configuration[Tab] > RADIUS[Tab] > Accounting[Tab]

  1. Push Add Setting button and open Add a New RADIUS Setting (Accounting) dialog.

  2. Select Setting Name, enter Setting Value and then push OK.

  3. Save the global configuration.

Setting Name Setting Value Default Value Description
retransmit_interval Number of seconds. 3 (seconds) The number of interval seconds to retransmit a RADIUS message by Rockhopper.
retransmit_times Retransmission times. 3 (times) Retransmission times of a RADIUS message by Rockhopper.



Configuration example




Back to Top