Another Radius client for Asterisk
Overview
It’s another project that brings RADIUS AAA capabilities to Asterisk PBX.
It is written in C as a module for Asterisk 1.2 and later, and it uses Sobomax radius-client-ng library.
RADIUS attributes are used as per Cisco VSA Voice Implementation Guide, which provides compatibility with many billing platforms. Realm based authentication. No more patching needed!
Authentication:
- authenticate call via RADIUS protocol
- authenticate by general “account + password”, which can mean anything depending on the service you are willing to implement i.e. ANI authorization, prepaid cards…
- it can process also Quintum VSA.
Once this radius client received the reply from the radius server. The radius A/V pairs reply were processed inside the module as folllows (familiar dialplan function and application name were use to easily comprehend the process);
| Radius A/V pair | Asterisk function called |
|---|---|
| User-Name=1234 | SetAccount(1234) |
| cisco-h323-credit-time=h323-credit-time=3600 | Timeout(absolute=3600) |
| cisco-h323-credit-amount=h323-credit-amount=1.25 | Set(PinBalance=1.25) |
| csico-h323-currency=h323-currency=php | Set(ISO4217=php) |
| cisco-h323-preferred-lang=h323-preferred-lang=en | SetLanguage=en |
| cisco-AVPair=h323-ivr-in=val1:val2 | Set(val=val2) |
| cisco-AVPair=val1=val2 | Set(val1=val2) |
| cisco-h323-redirect-number=h323-redirect=number=632123467 | “set to variable ${EXTEN}” |
In case of reject reply with an attribute of h323-return-code, this radius client will internally issue a Goto command to an extension with label equivalent to that h323-return-code. See the example dialplan below.
'_Z.' => 1. viaRadius(9|||callrate|${CONTEXT}|${EXTEN}|) [pbx_ael]
2. NoOP(${ACCOUNTCODE}|${PinBalance}|${TIMEOUT(absolute)}|${CallMinutes}) [pbx_ael]
3. Goto(calldest|${EXTEN}|1) [pbx_ael]
[Failed-Service-Not-Available] 4. NoCDR() [pbx_ael]
5. Playback(silence/1&dial-invalid|noanswer) [pbx_ael]
6. hangup() [pbx_ael]
[Failed-Insufficient-Balance] 7. NoCDR() [pbx_ael]
8. Playback(silence/1&insufficient-fund|noanswer) [pbx_ael]
9. hangup() [pbx_ael]
[Failed-Invalid-Account] 10. NoCDR() [pbx_ael]
11. Playback(silence/1&pin-invalid|noanswer) [pbx_ael]
12. hangup()
The above example uses realm callrate, that is for callrating purpose. In case the radius server reject with h323-return-code=12, it goes to the extension with lable name equivalent to 12 or Failed-Insufficient-Balance (see Cisco VSA for h323-return-code). As another example of its use, see the dialplan below.
'1333' => 1. viaRadius(9|||chkbalance|${CONTEXT}|${EXTEN}|) [pbx_ael]
2. NoOP(${ACCOUNTCODE}|${PinBalance}|${ISO4217}) [pbx_ael]
[Play-Credit] 3. Macro(play-credit|${WHOLE}|${WHOLEGSM}|${FRACTION}|${FRACTIONGSM}) [pbx_ael]
4. hangup() [pbx_ael]
Now where’s the Macro arguements coming from. See the actual call log,
Aug 8 16:04:56 VERBOSE[18490] app_viaradius.c: RADIUS AV PAIR to be sent
User-Name = 'default@chkbalance'
Calling-Station-Id = '09797280109'
Called-Station-Id = '1333'
Aug 8 16:04:56 VERBOSE[18490] app_viaradius.c: RADIUS AV PAIR received
User-Name = '6397122230'
Cisco-h323-credit-amount = 'h323-credit-amount=414.992'
Cisco-h323-currency = 'h323-currency-type=php'
Cisco-h323-preferred-lang = 'h323-preferred-lang=en'
Cisco-AVPair = 'h323-ivr-in=WHOLE:414'
Cisco-AVPair = 'h323-ivr-in=FRACTION:99'
Cisco-AVPair = 'h323-ivr-in=WHOLEGSM:dpi-pesos'
Cisco-AVPair = 'h323-ivr-in=FRACTIONGSM:dpi-centavos'
April 7, 2023
Phone System 