Freeradius and Mikrotik with Windows XP PPPoE ???

tcpip77 · May 14, 2006, 2:50pm

Ok I finally got freeradius and mysql working. Got MT to talk to it. So now I dream of testing it so I pull up my Windows XP Box and create a new internet connection : manul connection : PPPOE and then put in the test-user and test-pass as is described in the forums.

I get to the registering computer on network and then it says Error 734: The PPP Link control protocol was terminated.

I check the Log on MT and it says

pppoe,ppp,info : connected

pppoe,ppp,info : terminating… - Encryption negotiation not possible

pppoe,ppp,info : disconnected

I know I dont have something setup right. What am I missing…

Using MT 2.9.23

Travis

savage · May 14, 2006, 7:07pm

Disable MSCHAP / MSCHAP2 authentication on the PPPoE Server.

tcpip77 · May 14, 2006, 11:27pm

ok on the PPPoE Server I only have chap and pap selected now. Still gets the same error.

Beccara · May 15, 2006, 12:13am

In the PPPoE connection click on the properities > Security > Advanced (Custom Settings) > Settings

Take out the MSCHAP stuff in there and only allow PAP and CHAP

tcpip77 · May 15, 2006, 1:07am

I have gone into settings and only allowed PAP. Is there more I need to set on the Radius server?

PPPoE Server only accepts PAP and CHAP no MS CHAP

The client is only a PPPOE dialer with a security setting of only PAP

Should I try connecting with a different client

What client is a good for testing or making a connection

Travis

Beccara · May 15, 2006, 1:34am

On the MT router did you specify a ServiceName? if so you will have to add this into the Windows PPPoE connection

tcpip77 · May 15, 2006, 1:48am

Oh no I did not. This is set in the PPP Interfaces where I have the PPPoE Interface under Service? Correct?

tcpip77 · May 15, 2006, 1:55am

I added PAP to the line where it says Service. I dont believe I am setting up the PPPoE Server correctly.

Is there a document that helps show how to setup a PPPoE server correctly to use with freeradius server.. I dont want to waste anyones time when I can read about how to setup a PPPoE Server with freeradius first.

Travis

tcpip77 · May 15, 2006, 2:12am

Ok I had to add a profile for the PPPoE server, Make a PPPoE PPOOL and then set the attributes to NO ENCRYPTION in the PPPoE Profile Settings.

This allowed me to connect and get an IP address and dealt with the no encryption problem I was running into. Before addeing that profile it was trying to use the VPN Profile with required encryption.

Thanks so much, the last thought helped me find what was going on.

We need a Wiki Page on how to setup a proper PPPoE Server to use with Freeradius.

Travis

butche · May 15, 2006, 4:47am

Service Name does not HAVE to be in the PPPoE config on the Windows side. The use for this parameter is if there is more than one PPPoE server on the same physical network, it selects the specific server. It is not required in any other circumstance.

savage · May 15, 2006, 4:58am

Ahmen on the service name - it’s got nothing to do with authentication (though, it can be used if so need be).

For the beginners with PPPoE / Radius, I’d really suggest to walk big circles arround encryption / compression. From a radius point of view, that’s a whole new ball game to configure and it also adds a whole new level of complexity to the configurations.

Best bet to ensure you do NOT use any form of encryption, is to use PAP only for PPP Authentication, but that by itself has it’s own implications from a security point of view. At best, PAP,CHAP, but I believe encryption might still be possible with CHAP authentication - I’m not 100% on that right now…

–
C