DSL Telkom (Openserve) authentication
South African provider Telkom allows ISPs to resell their services. The services are sold under the Openserve trademark (https://openserve.co.za/). Splynx can communicate with Openserve proxy servers and authenticate PPPoE customers. A few configuration steps are needed to allow Splynx to be able to communicate with Openserve proxies.
- First of all, create a NAS type as Openserve or a similar name that will help you to recognise it as the Openserve server. To do this, navigate to
Config → Networking → NAS typesand click on
- Configure the "Openserve" NAS type under
Config -> Networking -> Radius:
Please add Radius attributes provided to you by Telkom. Setup accounting intervals to the default SAIX intervals:
Example of Radius attributes:
Cisco-AVPair = ip:ip-unnumbered=Loopback1111 Cisco-AVPair += ip:addr-pool=xnet001ipc2 X-Ascend-Client-Primary-DNS = 196.46.XXX.XXX X-Ascend-Client-Secondary-DNS = 196.46.XXX.XXX
Don't forget to save the changes.
- Then add all Openserve NAS proxies as Routers to Splynx, please specify the NAS type = Openserve (configured in previous step). Also define the Radius secret that is used for proxy server and Radius server communication:
- Next step is to edit Radius extended settings under
Config → Networking → Radius advanced:
An important field is Default NAS ID. This is the ID of the Router in Splynx routers, that will "link" customers: to show that they are connected via it online.
- The last step is to add the missing attribute to the Freeradius dictionary, open the file
/etc/freeradius/dictionaryand add the line :
ATTRIBUTE Alcatel-Lucent-Service- 3002 integer
More information on this connection method can be found here.
Openserve authentication (PPPoE via L2tP Method)
- The technical documentation should be completed and sent to the Corporate account manager
- L2TP LNS IP should advertised accross BGP to Openserve on the upstream
- Establish the L2TP tunnel from your core device to Openserve.
- The accepted Realms should be created on Openserve portal.
PPPOE to L2TP Basic Configuration
/ppp l2tp-secret add address=188.8.131.52/25 comment=OpenServe secret=<secret> /interface l2tp-server server set allow-fast-path=yes authentication=chap default-profile=<profile-name> enabled=yes keepalive-timeout=60 max-mru=1462 max-mtu=1462
Once the L2TP is established the PPPoE Realm in the CPE config and in Splynx' services should match that of what's configured in the Openserve portal.
You should now be able to establish the PPPoE across the L2TP connection by using normal Radius config as seen here.