forked from spinesystemspublic/documentation
Add gaming option
This commit is contained in:
Denys Fedoryshchenko
@@ -0,0 +1,36 @@
|
|||||||
|
## Gaming service
|
||||||
|
|
||||||
|
### Configure pppoes
|
||||||
|
/etc/api.conf
|
||||||
|
```
|
||||||
|
apikey=SecretTokenRandom
|
||||||
|
allowip=10.168.100.
|
||||||
|
```
|
||||||
|
allowip must be set to ip of your nat
|
||||||
|
|
||||||
|
### Configure radius
|
||||||
|
Configure for gaming service radius attribute "Login-LAT-Service" with value "gaming"
|
||||||
|
|
||||||
|
### Configure nat
|
||||||
|
* Run several instances of pppoe gaming pollers that will retrieve list of gaming users
|
||||||
|
```
|
||||||
|
gamingclient -u http://pppoeip:apiport/ -k SecretTokenRandom
|
||||||
|
```
|
||||||
|
apiport by default 9000, might be different in some cases
|
||||||
|
|
||||||
|
* Configure ipset for gaming users
|
||||||
|
```
|
||||||
|
ipset create gamingclients hash:net timeout 120
|
||||||
|
```
|
||||||
|
Also add relevant rules to nat users to different pool, for example:
|
||||||
|
```
|
||||||
|
iptables -t nat -A POSTROUTING -m set --match-set gamingclients src -j SNAT --to-source $GAMING --persistent
|
||||||
|
```
|
||||||
|
where $GAMING is ip of your gaming pool (1.2.3.1-1.2.3.10 for example)
|
||||||
|
|
||||||
|
### How it works?
|
||||||
|
* User login and get gaming service attribute from radius
|
||||||
|
* API daemon will detect such user and put in special list available over API HTTP GET request
|
||||||
|
* Gaming poller will retrieve list of users and put them in ipset each X seconds
|
||||||
|
* NAT will detect users in ipset and will put them in gaming pool
|
||||||
|
* If user will be disconnected, gaming poller will not readd user, and it will be removed from ipset after 120 seconds by ipset timeout
|
||||||
Reference in New Issue
Block a user