Community discussions

MikroTik App
 
toxie
just joined
Topic Author
Posts: 11
Joined: Sat Sep 02, 2006 10:59 pm

Freeradius 1.1.0 + Mikrotik v2.9.7

Tue Oct 03, 2006 12:42 am

Recently i`ve configured freeradius with mikrotik to connect users via pppoe, pptp or l2tp.
The problem is that, when one user is connected, the other user is unable to connect.
Here are the logs.


--------------------------------------First user connects -------------------------
(46 messages discarded)
echo: radius,debug,packet Calling-Station-Id = "00:50:8D:68:DB:20"
echo: radius,debug,packet Called-Station-Id = "service1"
echo: radius,debug,packet NAS-Port-Id = "bridge1"
echo: radius,debug,packet Acct-Session-Id = "81000000"
echo: radius,debug,packet Framed-IP-Address = 10.194.244.149
echo: radius,debug,packet Acct-Authentic = 1
echo: radius,debug,packet Acct-Status-Type = 1
echo: radius,debug,packet NAS-Identifier = "MikroTik"
echo: radius,debug,packet NAS-IP-Address = 10.194.23.248
echo: radius,debug,packet Acct-Delay-Time = 0
echo: radius,debug,packet received Accounting-Response with id 124 from 10.194.2
3.246:1813
echo: radius,debug,packet Signature = 0x16c0ffe781452ce6261046058ecf4f61
[admin@MikroTik] >
echo: radius,debug received reply for 53:00
echo: radius,debug request 53:00 processed
[admin@MikroTik] >
(8 messages discarded)

---------------------------------- Second user is trying to connect --------------

echo: radius,debug,packet User-Name = "toxie"
echo: radius,debug,packet Calling-Station-Id = "00:C0:26:6D:16:09"
echo: radius,debug,packet Called-Station-Id = "service1"
echo: radius,debug,packet NAS-Port-Id = "bridge1"
echo: radius,debug,packet MS-CHAP-Challenge = 0xc87049d986b943c7773272b9f6c0
76dd
echo: radius,debug,packet MS-CHAP2-Response = 0x0100820169c2908c12b7cfbe01f2
55ef
echo: radius,debug,packet c1c200000000000000004320c48df468
echo: radius,debug,packet 8a58f84d8d4727c73ee24d4a4e886258
echo: radius,debug,packet e85c
echo: radius,debug,packet NAS-Identifier = "MikroTik"
echo: radius,debug,packet NAS-IP-Address = 10.194.23.246
echo: radius,debug could not receive packet for 53:04: Connection refused
[admin@MikroTik] >
(7 messages discarded)
echo: radius,debug,packet User-Name = "toxie"
echo: radius,debug,packet Calling-Station-Id = "00:C0:26:6D:16:09"
echo: radius,debug,packet Called-Station-Id = "service1"
echo: radius,debug,packet NAS-Port-Id = "bridge1"
echo: radius,debug,packet MS-CHAP-Challenge = 0xc87049d986b943c7773272b9f6c0
76dd
echo: radius,debug,packet MS-CHAP2-Response = 0x0100820169c2908c12b7cfbe01f2
55ef
echo: radius,debug,packet c1c200000000000000004320c48df468
echo: radius,debug,packet 8a58f84d8d4727c73ee24d4a4e886258
echo: radius,debug,packet e85c
echo: radius,debug,packet NAS-Identifier = "MikroTik"
echo: radius,debug,packet NAS-IP-Address = 10.194.23.246
echo: radius,debug could not receive packet for 53:04: Connection refused
[admin@MikroTik] >
(7 messages discarded)
echo: radius,debug,packet User-Name = "toxie"
echo: radius,debug,packet Calling-Station-Id = "00:C0:26:6D:16:09"
echo: radius,debug,packet Called-Station-Id = "service1"
echo: radius,debug,packet NAS-Port-Id = "bridge1"
echo: radius,debug,packet MS-CHAP-Challenge = 0xc87049d986b943c7773272b9f6c0
76dd
echo: radius,debug,packet MS-CHAP2-Response = 0x0100820169c2908c12b7cfbe01f2
55ef
echo: radius,debug,packet c1c200000000000000004320c48df468
echo: radius,debug,packet 8a58f84d8d4727c73ee24d4a4e886258
echo: radius,debug,packet e85c
echo: radius,debug,packet NAS-Identifier = "MikroTik"
echo: radius,debug,packet NAS-IP-Address = 10.194.23.246
echo: radius,debug could not receive packet for 53:04: Connection refused
[admin@MikroTik] >
echo: radius,debug timeout for 53:04
[admin@MikroTik] >

------------------------------------------------------------------------------------
The usernames and the passwords are ok.
When i tried to connect one user to one MT and the second user to another mikrotik everything works fine.But when i`m using only 1 MT, only one user can be logged in.
Does anybody had some issues like this before ? It`s really annoying me, cause i can`t figure it out where could be the problem.

P.S. While the first user is connected and the 2nd user initiate the connection, the packets simply does not reach the radius server.
I started radius with radiusd -X .
 
User avatar
Eugene
Forum Veteran
Forum Veteran
Posts: 993
Joined: Mon May 31, 2004 5:06 pm
Location: Cranfield, UK

Tue Oct 03, 2006 1:48 pm

Stupid question, but maybe you have L1 license which does not allow more than one user?
Tout individu a droit à la vie, à la liberté et à la sûreté de sa personne.
 
toxie
just joined
Topic Author
Posts: 11
Joined: Sat Sep 02, 2006 10:59 pm

Tue Oct 03, 2006 10:13 pm

Im having L6 license.So i don`t think that could be the problem.The problem is somewhere else.That`s why i`m asking on the forum.
 
User avatar
exebug
newbie
Posts: 43
Joined: Thu Jun 08, 2006 3:36 pm
Location: South Africa
Contact:

Sun Oct 08, 2006 5:11 pm

This might help : On the pppoe server interface you should take out mshap1 and mschap2

eXeBuG
 
toxie
just joined
Topic Author
Posts: 11
Joined: Sat Sep 02, 2006 10:59 pm

Sun Oct 08, 2006 9:08 pm

Same thing happens.I noticed that when nobody is connected to radius, radius server can ping mikrotik and mikrotik can ping radius too.When somebody connects to radius, radius can`t ping mikrotik anymore, neither the user, but mikrotik can ping the radius server and the user too without no problem.
 
Stryker777
Frequent Visitor
Frequent Visitor
Posts: 71
Joined: Fri Jul 07, 2006 11:40 pm
Contact:

Mon Oct 09, 2006 4:42 am

In pppoe server, did you buy any chance put on in max sessions? That is the total number of people that can log in at one time.
 
toxie
just joined
Topic Author
Posts: 11
Joined: Sat Sep 02, 2006 10:59 pm

Mon Oct 09, 2006 10:48 pm

I solved the problem, when i`ve changed in the ppp profile the local address from 10.194.23.246 to 10.194.26.246.And now it works fine.Max session i`ve left empty and unchecked.In profiles too in limits tab i`ve left on default the ONLY ONE option.

My users are on the 10.194.23.0/24 subnet and when they connect they should be on the 10.194.26.0/24 subnet.
I don`t get this: My radius server has the 10.194.23.246 address i have nothing on 10.194.26.246. How can this actually work ? When i`m connected and i try to ping ie. http://www.google.com i`m getting this

Pinging http://www.l.google.com [209.85.129.147] with 32 bytes of data:

Reply from 10.194.26.246: Destination net unreachable.
Reply from 10.194.26.246: Destination net unreachable.
Reply from 10.194.26.246: Destination net unreachable.
Reply from 10.194.26.246: Destination net unreachable.

Ping statistics for 209.85.129.147:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

What should i put on 10.194.26.246 ?

Who is online

Users browsing this forum: eworm and 134 guests