A very odd problem

Hi,

I have set up Freeradius with a custom-developed PHP/MySQL-based frontend for Freeradius. Mikrotik is using Freeradius for PPP-based authentication.
Freeradius is configured with very basic “radcheck” and “radgroupreply” attributes.

The issue is that there are specific wireless routers which, when connected using a username/password from RADIUS, create an issue in resolving DNS (not even connecting to the local DNS). What happens in this case is that the client connected to the wireless router is not even able to perform a simple nslookup query. DNS is on a different network than that of the client. Routes are being pushed using DHCP. In this case, if I set the primary DNS to be the IP of the Mikrotik router, things work fine.
Example: client network=10.0.1.0/24, DNS Server=192.168.100.2,192.168.100.3, Mikrotik IP=172.16.0.2
Things work fine if I set DNS to be 172.16.0.2 (which is not the main DNS server).

The same wireless router, when connected using a username/password created in the Mikrotik PPP Secret section, works fine.
This is happening with only D-Link (dir-600) wireless routers.
I have tested Linksys, TP-Link, Tenda and a few other brands, which work perfectly fine in both scenarios.

More details can be provided.

BUMP

Hello,

I don’t pretend to have thought through everything that you wrote, but I have a suggestion that I use sometimes. Set up a redirect rule in your RouterOS to redirect any port 53 traffic (tcp+udp) to localhost 53. Then enable the DNS server with 8.8.8.8/8.8.4.4 (you may have to allow remote queries, but block WAN interface traffic to port 53 to avoid DNS magnification attacks). This way, if DNS traffic is passed to RouterOS erroneously, it will still be able to process it.

GL
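
The setup suggested in the reply above, written out as RouterOS commands (an added example, not part of the original thread). The WAN interface name `ether1` is an assumption, and the upstream resolvers are the ones named in the reply.

```routeros
# Added example. Assumption: ether1 is the WAN-facing interface; change it to match the router.

# Let RouterOS answer DNS queries from clients and forward them
# to the upstream resolvers named in the reply.
/ip dns set servers=8.8.8.8,8.8.4.4 allow-remote-requests=yes

# Redirect client DNS traffic (UDP and TCP port 53) to the router's own resolver,
# whatever DNS server the client was trying to reach.
# in-interface=!ether1 keeps traffic arriving on the WAN out of the redirect.
/ip firewall nat
add chain=dstnat in-interface=!ether1 protocol=udp dst-port=53 action=redirect to-ports=53 comment="client DNS to local resolver"
add chain=dstnat in-interface=!ether1 protocol=tcp dst-port=53 action=redirect to-ports=53 comment="client DNS to local resolver"

# Drop DNS queries arriving on the WAN, so that allow-remote-requests
# does not turn the router into an open resolver.
/ip firewall filter
add chain=input in-interface=ether1 protocol=udp dst-port=53 action=drop comment="no DNS service on WAN"
add chain=input in-interface=ether1 protocol=tcp dst-port=53 action=drop comment="no DNS service on WAN"
```

Filter rules are evaluated in order, so the two drop rules have to sit above any existing input rule that would accept the same traffic.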

Hi,

I cannot use free DNS servers. I have local sites running with a few custom DNS entries and reverse pointers set up on the DNS server.

The issue that is confusing me is how it can work when connecting with the ID created in Mikrotik and not work when connecting with the ID created in RADIUS. If anyone can clarify this, then I think I can figure out a way to resolve the issue.