PPPoE Freeradius authentication problem

dseira · January 16, 2012, 12:38pm

Hi all,

I’m trying to implement a Freeradius authentication for the PPPoE users.

I configure the freeradius and with the ntradping or radtest, it responds to my requests correctly. The problem comes when I try to authenticate a user through a pppoe client (windows for testing). I can see in the log that the connection is established and the user is authenticated. The problem is next, the pppoe server send the message

could not determine remote IP address

.

I’ve configured an IP pool in the freeradius for the remote users IP (10.0.0.10-10.0.0.20 for example) and in the freeradius accounting table I can see that the user has an IP from the pool; in this table, also, appears the

NAS-Error

termination cause.

In the Mikrotik PPPoE server profile I have a profile with a pool for local address (in this case created in the same mikrotik; 10.11.12.10-10.11.12.20); in the remote address I put nothing (because the radius sends the IPs).

In the freeradius users I configure the next attributes:

Pool-Name := PPPoE_Pool
Service-Type:= Framed-User
Framed-Protocol := PPP
Framed-MTU := 1500
Mikrotik-Group := PPPoE_2MB
Cleartext-Password := 1234

I’ve read several forum posts with the similar issue but I’m unable to resolve it. I put a local IP address in the profile but it doesn’t work.

Why the PPPoE Server responds that “could not determine remote IP address”? What can be the problem?

Thanks for all,

David

P.S: The freeradius version is 2.1.10 and mikrotik is a RB-433 with routerOS 4.17

dseira · January 8, 2013, 9:17am

Is possible that I need another attribute for the remote address? Why does the RouterOS send a NAS-Error packet to the radius accounting?

dseira · January 8, 2013, 12:02pm

I’ve seen in the freeradius debug the next packets:

Access Request from RB600

rad_recv: Access-Request packet from host XXX.XXX.XXX.XXX port 60765, id=11, length=150
        Service-Type = Framed-User
        Framed-Protocol = PPP
        NAS-Port = 15
        NAS-Port-Type = Ethernet
        User-Name = "user4"
        Calling-Station-Id = "XX:XX:XX:XX:XX:XX"
        Called-Station-Id = "PPPoE_Server"
        NAS-Port-Id = "LAN_etn3"
        CHAP-Challenge = 0xda4a5f88f7efa46acdce25f94fe604b0
        CHAP-Password = 0x01b0f5a86cf4c3bc18faa95bb7290cd4db
        NAS-Identifier = "MikroTik"
        NAS-IP-Address = XXX.XXX.XXX.XXX

Access Accept from Freeradius

Sending Access-Accept of id 11 to XXX.XXX.XXX.XXX port 60765
        Framed-IP-Address = XXX.XXX.XXX.XXX
        Acct-Interim-Interval := 300
        WISPr-Bandwidth-Max-Down := 1024000
        WISPr-Bandwidth-Max-Up := 256000

Accounting Request from RB600

rad_recv: Accounting-Request packet from host XXX.XXX.XXX.XXX port 52788, id=12, length=153
        Service-Type = Framed-User
        Framed-Protocol = PPP
        NAS-Port = 15
        NAS-Port-Type = Ethernet
        User-Name = "user4"
        Calling-Station-Id = "XX:XX:XX:XX:XX:XX"
        Called-Station-Id = "PPPoE_Server"
        NAS-Port-Id = "LAN_etn3"
        Acct-Session-Id = "81600009"
        Framed-IP-Address = XXX.XXX.XXX.XXX
        Acct-Authentic = RADIUS
        Event-Timestamp = "Jan  8 2013 12:40:20 CET"
        Acct-Status-Type = Start
        NAS-Identifier = "MikroTik"
        NAS-IP-Address = XXX.XXX.XXX.XXX
        Acct-Delay-Time = 0

Accounting Request from RB600 closing the connection

rad_recv: Accounting-Request packet from host XXX.XXX.XXX.XXX port 48944, id=13, length=201
        Service-Type = Framed-User
        Framed-Protocol = PPP
        NAS-Port = 15
        NAS-Port-Type = Ethernet
        User-Name = "usuario4"
        Calling-Station-Id = "XX:XX:XX:XX:XX:XX"
        Called-Station-Id = "PPPoE_Server"
        NAS-Port-Id = "LAN_etn3"
        Acct-Session-Id = "81600009"
        Framed-IP-Address = XXX.XXX.XXX.XXX
        Acct-Authentic = RADIUS
        Event-Timestamp = "Jan  8 2013 12:40:21 CET"
        Acct-Session-Time = 1
        Acct-Input-Octets = 202
        Acct-Input-Gigawords = 0
        Acct-Input-Packets = 9
        Acct-Output-Octets = 109
        Acct-Output-Gigawords = 0
        Acct-Output-Packets = 8
        Acct-Status-Type = Stop
        Acct-Terminate-Cause = NAS-Error
        NAS-Identifier = "MikroTik"
        NAS-IP-Address = XXX.XXX.XXX.XXX
        Acct-Delay-Time = 0

The user is disconnected in 1 second, the pppoe client return a disconnection error from the server. In the RouterOS log appears this lines:

PPPoE connection established from XX:XX:XX:XX:XX:XX
<pppoe-0>: waiting for call...
<pppoe-0>: authenticated
<pppoe-0>: terminating... - could not determine remote IP address
<pppoe-0>: disconnected

Has Anyone the same problem? What can be the reason for that disconnection?

savage · January 8, 2013, 1:54pm

The log entry could definately be written better…

You need to specify the local-IP address in the PPP Profile that is being used on the Mikrotik.