PPPoE encryption via RADIUS

awacenter · May 29, 2013, 10:43am

Hi,

My pppoe server service uses default profile (at the moment I do NOT want to use default-encryption profile). AAA server is actived.
In the client side, my pppoe client has user/pass and default profile.
this scenario without encryption works fine.

I am trying to encrypt my PPPoE Sessions using radius attributes. I want to see in Active connections, in encoding field=MPPE128 stateless.
I read http://freeradius.org/rfc/rfc2548.html and search in MT database and google.
I tried lot of configuracion and with several radius attribute: MS-MPPE-Encryption-Policy, MS-MPPE-Encryption-Types,MS-MPPE-Recv-Key, MS-MPPE-Send-Key.

For example in my radreply table in freeradius,
username| attribute| op | value
NTV;MS-MPPE-Encryption-Policy;:=;0x00000002
NTV;MS-MPPE-Encryption-Types;:=;0x0000000e
NTV;MS-MPPE-Recv-Key;:=;0x74bbb154bacd94c95e6e2e069d1b48df
NTV;MS-MPPE-Send-Key;:=;0x468129c1b70123e815d71a891595a860

these values cause an error ‘encryption negotiation rejected’.

What are the correct values to see in concoding MPPE128 stateless?
Santiago

samsung172 · May 30, 2013, 2:21am

Why don’t you want to activate another pppoe profile?

awacenter · May 31, 2013, 12:01pm

I do not use the default-encryption because I have to differenciate user types.
some of my customers have an old-fashioned device which not support encryption.
all my PPPoE users are in a RADIUS server accounts. So I can distinguish if I use or not use encryption in the RADIUS account.

Can I configure thses paremetres in an readius account?