Hi,
I have found an interesting problem with the current MikroTik OS (6.28). Here are some scenarios:
Scenario 1:
Mikrotik 1 IP: LAN:192.168.88.1 / WAN: <PUBLIC IP 1>
FreeRadius server IP: <PUBLIC IP 2>
Scenario 2:
Mikrotik 1 IP: LAN:192.168.88.1 / WAN:192.168.1.20
ADSL Modem IP: LAN: 192.168.1.1 / WAN: <PUBLIC IP 1>
FreeRadius server IP: <PUBLIC IP 2>
If I use Scenario 1: Radius authentication works fine. The Radius attribute NAS-IP-Address uses <PUBLIC IP 1> and the Radius can communicate back to this IP address.
If I use Scenario 2: Radius authentication fails with “NAS not found”. Pinging the Radius server from the MikroTik gives success. Doing a Wireshark trace on the packets being sent back and forth shows that the NAS-IP-Address is using MikroTik’s WAN IP, which is 192.168.1.20. The Radius server receives this value but it is mismatched in the NAS database. Creating a NAS in FreeRadius with this IP would not help either, because the Radius cannot send its messages back to that address as it is a private IP address.
I do not see any way to force the NAS-IP-Address to a value of my choice. If I could, then I would set it to the current WAN IP of the ADSL modem in this scenario and everything would be fine. I have set up the ADSL modem so that the DMZ points to MikroTik’s WAN IP.
Suggestions?
Quinn
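
Added example, not part of the original post: a Python sketch that parses a RADIUS Access-Request (RFC 2865 layout) and compares its NAS-IP-Address attribute with the address the packet arrived from, which is the Scenario 2 mismatch seen in the trace. The address 203.0.113.10 (a documentation address standing in for <PUBLIC IP 1>), the user name and all function names are assumptions, and the sample packet is constructed.

```python
import ipaddress
import struct

NAS_IP_ADDRESS = 4  # RFC 2865 attribute type for NAS-IP-Address
HEADER_LEN = 20     # code, identifier, length, 16-byte authenticator
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def build_access_request(user: str, nas_ip: str) -> bytes:
    """Constructed sample packet: User-Name (1) plus NAS-IP-Address (4)."""
    name = user.encode()
    attrs = bytes([1, 2 + len(name)]) + name
    attrs += bytes([NAS_IP_ADDRESS, 6]) + ipaddress.ip_address(nas_ip).packed
    return struct.pack("!BBH", 1, 1, HEADER_LEN + len(attrs)) + bytes(16) + attrs

def parse_attributes(packet: bytes):
    """Return [(type, value)] for a RADIUS packet, rejecting bad lengths."""
    if len(packet) < HEADER_LEN:
        raise ValueError("packet shorter than RADIUS header")
    length = struct.unpack("!H", packet[2:4])[0]
    if length < HEADER_LEN or length > len(packet):
        raise ValueError("length field does not match packet")
    attrs, pos = [], HEADER_LEN
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("attribute length out of bounds")
        attrs.append((a_type, packet[pos + 2:pos + a_len]))
        pos += a_len
    return attrs

def check_nas_ip(packet: bytes, source_ip: str) -> dict:
    """Compare NAS-IP-Address with the address the packet arrived from."""
    src = ipaddress.ip_address(source_ip)
    for a_type, value in parse_attributes(packet):
        if a_type == NAS_IP_ADDRESS and len(value) == 4:
            nas = ipaddress.ip_address(value)
            return {"nas_ip": str(nas), "source_ip": str(src),
                    "rfc1918": any(nas in net for net in RFC1918),
                    "mismatch": nas != src}
    return {"nas_ip": None, "source_ip": str(src),
            "rfc1918": False, "mismatch": None}

if __name__ == "__main__":
    # Scenario 2 as the server sees it: NATed source, private NAS-IP-Address.
    pkt = build_access_request("testuser", "192.168.1.20")
    print(check_nas_ip(pkt, "203.0.113.10"))
```

Run against a captured Access-Request payload and the source address from the same capture, this shows whether the attribute and the post-NAT source address agree.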