
Can't connect to User Manager with another interface than physical

Posted: Thu Aug 10, 2017 9:51 pm
by andresrv94
Hi, I have a problem with User Manager.

I have User Manager installed on a router, let's call it A, and there are a lot of routers that provide service with PPPoE.

The routers ask router A to authenticate the users instead of using local secrets. I could make the system work, but I have a big problem. It doesn't work if, in the routers that ask for authentication, I don't select an IP address of the physical interface where router A answers.

This is a problem because I have a redundant network running OSPF, and if the interface which has the IP that I configure goes down, I could be reaching the router but the RADIUS server would be pointing to the IP of the down interface. I want to select a loopback interface of router A in the routers, but it doesn't work.

What I could see is that the routers send the request to the IP of the loopback interface of router A, and router A answers, but from the IP of the physical interface where the packet is going out. When this packet arrives at the router that made the request, it drops it because it comes from another IP.

Re: Can't connect to User Manager with another interface than physical

Posted: Thu Aug 10, 2017 10:26 pm
by ZeroByte
You need to use a loopback interface.

Create a bridge without adding any interfaces to it as ports.
Then put a unique /32 IP address onto the loopback interface.
Make sure this /32 is available in your OSPF routing table as well.

Then this IP address becomes the official IP address of the router.

Use that IP for RADIUS.

Re: Can't connect to User Manager with another interface than physical

Posted: Thu Aug 10, 2017 10:47 pm
by andresrv94
I have a loopback IP address configured in that way; it runs OSPF and is reachable.

I sniffed the flow and I can see that the request is sent by the NAS, then the RADIUS answers but with a different source address: the IP address of the physical interface instead of the loopback one.

Something like this:

IP Loopback NAS (Brings PPPoE): 10.0.0.1
IP Loopback RADIUS (User Manager): 10.0.0.2

IP of physical interface of the router RADIUS: 192.168.1.20

The sequence is like this:
RADIUS REQUEST: Src Address: 10.0.0.1---Dst Address: 10.0.0.2
RADIUS ANSWER: Src Address: 192.168.1.20--Dst Address: 10.0.0.1
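
The sequence in the post above can be checked mechanically in a capture. The following is an added example, not part of the original post or of MikroTik's software: it pairs RADIUS replies with requests by NAS address, NAS port and identifier, and reports replies whose source is not the address the NAS sent to. The `Pkt` record, the port numbers and the sample packets are constructed for illustration; only the IP addresses come from the post.

```python
import struct
from collections import namedtuple

# Constructed packet record: UDP 4-tuple plus raw RADIUS payload.
Pkt = namedtuple("Pkt", "src sport dst dport payload")

ACCESS_REQUEST = 1
REPLY_CODES = {2: "Access-Accept", 3: "Access-Reject", 11: "Access-Challenge"}

def radius_header(payload):
    """Return (code, identifier) from the 20-byte RADIUS header (RFC 2865)."""
    if len(payload) < 20:
        raise ValueError("short RADIUS packet")
    code, ident, length = struct.unpack("!BBH", payload[:4])
    if length < 20 or length > len(payload):
        raise ValueError("bad RADIUS length field")
    return code, ident

def find_asymmetric_replies(packets):
    """Pair replies with requests by (NAS ip, NAS port, identifier) and
    report replies whose source is not the address the NAS sent to."""
    pending = {}
    findings = []
    for p in packets:
        code, ident = radius_header(p.payload)
        if code == ACCESS_REQUEST:
            pending[(p.src, p.sport, ident)] = p.dst
        elif code in REPLY_CODES:
            expected = pending.pop((p.dst, p.dport, ident), None)
            if expected is not None and p.src != expected:
                findings.append((REPLY_CODES[code], ident, expected, p.src))
    return findings

def make_radius(code, ident):
    # Header-only packet: code, id, length=20, zeroed authenticator.
    return struct.pack("!BBH", code, ident, 20) + bytes(16)

# Constructed sample: addresses from the post, ports and identifier assumed.
SAMPLE = [
    Pkt("10.0.0.1", 40001, "10.0.0.2", 1812, make_radius(1, 7)),
    Pkt("192.168.1.20", 1812, "10.0.0.1", 40001, make_radius(2, 7)),
]

if __name__ == "__main__":
    for name, ident, expected, got in find_asymmetric_replies(SAMPLE):
        print(f"{name} id={ident}: expected source {expected}, got {got}")
```
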

Re: Can't connect to User Manager with another interface than physical

Posted: Fri Jan 08, 2021 11:52 am
by ambo
Anyone found a solution to this?