Mailing List Archive: PPPoE and HTTP Redirect

PPPoE and HTTP Redirect

Oct 2, 2020, 10:52 PM

Post #1 of 4 (819 views)

Hello all, I’m looking for some recommendations. I have a customer, an
ISP, who is doing PPPoE for residential and “some” smaller business
accounts. PPPoE terminated on an ASR9010, DaloRadius for authentication
and IP assignments. DaloRadius is configured for static IP per customer.
All that is working fine. Recently, we enabled HTTP redirect on the 9010
because the customer wanted to try out a walled garden for past due
accounts. So, past due accounts are handed a static 10.x.x.x IP, and
password changed. Next time customer re-auth’s, they get the 10.x IP
because of the bad pass, and put into the HTTP redirect jail, and are
supposed to be redirected to a http site. “Sometimes” http redirect works,
sometimes it doesn’t. It seems as though it depends on the destination
address the end user is trying to go to.

At any rate, the ISP is wanting to investigate something else for PPPoE and
their walled garden. Has anyone used anything else successfully for PPPoE
auth, and walled garden jail? Something that is a bit more seamless? The
ISP has their own home-brewed billing/account software, and just wants a
redirect to their landing page to work each time when a customer is
disconnected for non-pay. I have not done a lot with PPPoE myself, so
reaching out for possible 3rd party solutions that can do all-in-one.

Thanks.
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: PPPoE and HTTP Redirect [ In reply to ]

eugen at grosbein

Oct 2, 2020, 11:59 PM

Post #2 of 4 (819 views)

Permalink

03.10.2020 12:52, Scott Miller wrote:

> Hello all, I’m looking for some recommendations. I have a customer, an
> ISP, who is doing PPPoE for residential and “some” smaller business
> accounts. PPPoE terminated on an ASR9010, DaloRadius for authentication
> and IP assignments. DaloRadius is configured for static IP per customer.
> All that is working fine. Recently, we enabled HTTP redirect on the 9010
> because the customer wanted to try out a walled garden for past due
> accounts. So, past due accounts are handed a static 10.x.x.x IP, and
> password changed. Next time customer re-auth’s, they get the 10.x IP
> because of the bad pass, and put into the HTTP redirect jail, and are
> supposed to be redirected to a http site. “Sometimes” http redirect works,
> sometimes it doesn’t. It seems as though it depends on the destination
> address the end user is trying to go to.
>
> At any rate, the ISP is wanting to investigate something else for PPPoE and
> their walled garden. Has anyone used anything else successfully for PPPoE
> auth, and walled garden jail? Something that is a bit more seamless? The
> ISP has their own home-brewed billing/account software, and just wants a
> redirect to their landing page to work each time when a customer is
> disconnected for non-pay. I have not done a lot with PPPoE myself, so
> reaching out for possible 3rd party solutions that can do all-in-one.

I'm pretty sure the problem occurs due to HTTP/HTTPS differences,
so for plain unencrypted HTTP user request it works but for HTTPS is does not, and should not.
HTTPS is made to prevent such in-the-middle embedding from working.

_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: PPPoE and HTTP Redirect [ In reply to ]

cisco-nsp at puck

Oct 3, 2020, 9:11 AM

Post #3 of 4 (819 views)

Permalink

_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Mailing List Archive

Attached Files:

Attached Files: