Page 1 of 1

Radius & PPTP

Posted: Mon Jan 12, 2009 2:43 pm
by tomi_isp
Hi,

question, maybe BFU ;)

- how I can set ,,Local IP,, address for PPTP user when is authorizing over Radius ? If I not have set this IP in default profile in PPP, users are after authorizing at Radius disconected


Thanks

/Tomi

Re: Radius & PPTP

Posted: Mon Jan 12, 2009 5:54 pm
by Chupaka
why not just set it in profile? =)

Re: Radius & PPTP

Posted: Mon Jan 12, 2009 6:24 pm
by savage
You have to set Local-Address in a profile, it can't be done via Radius

Re: Radius & PPTP

Posted: Tue Jan 13, 2009 6:01 pm
by tomi_isp
why not just set it in profile? =)
because I have some VPNs what have differenet Local IPs than others (for example LAN-to-LAN VPN have another local ip than Remote Users)
and another q, its possible select Profiles over radius ?

Re: Radius & PPTP

Posted: Tue Jan 13, 2009 6:13 pm
by savage
No, you can't.

1) use mutiple profiles, or
2) rethink what you are doing.

Based on what I am reading, there should be better ways to achieve what you want...

Re: Radius & PPTP

Posted: Tue Jan 13, 2009 6:36 pm
by tomi_isp
No, you can't.

1) use mutiple profiles, or
2) rethink what you are doing.

Based on what I am reading, there should be better ways to achieve what you want...
how you mean that multiple profiles ? Profiles is only for Local Users, not ? And I talk about radius.
I have multiple profiles and they are assigned to each group of users, but its Local and I want move it to Radius.

Re: Radius & PPTP

Posted: Thu Jun 10, 2010 8:10 pm
by darencrew
Hello,

I have the same problem but it seems that the solution has not been found... or i missed something :?

Is there a way to specify, by RADIUS, which profile to use?

Regards

Re: Radius & PPTP

Posted: Fri Jun 11, 2010 1:42 am
by Chupaka
omg... please explain why do you need that =)

Re: Radius & PPTP

Posted: Fri Jun 11, 2010 10:25 am
by darencrew
In fact, the client connect to the server through two pptp tunnels (each one related to a different link support), so both get the same gateway...

- diagnosing by which one traffic goes (from a traceroute from lan side) is almost impossible

- I worry about possible mixing in routes

Specifying server local-address seems to be impossible from RADIUS, it has to bet set in profile, so the last solution (before having to set all logins "ppp secrets" would be to have two profiles with different local-address and choose which one to use from RADIUS...

Maybe there's another way but i don't know which one....

Re: Radius & PPTP

Posted: Fri Jun 11, 2010 1:40 pm
by Chupaka
you may set 'local-address' to almost anything you want - I just don't understand why do you need to vary it...

do you use public addresses? if no - you may just use different address pool to distinguish clients from the LAN side...

Re: Radius & PPTP

Posted: Fri Jun 11, 2010 1:53 pm
by SurferTim
I use RADIUS on the hotspot, and the attribute "Mikrotik-Group" selects "/ip hotspot user profile". I enter a profile in "/ip hotspot user profile" named newprofile, then I return "Mikrotik-Group=newprofile" with the Access-Accept message. Does that sound like it might work with this protocol?

Re: Radius & PPTP

Posted: Fri Jun 11, 2010 2:39 pm
by darencrew
I don't know if SurferTim message is a question or a suggestion, anyway I don't know if its setup works, it might, in hotspot mode, but when not using this mode?

My PPTP client is not a hotspot...

Any idea?

Re: Radius & PPTP

Posted: Fri Jun 11, 2010 2:44 pm
by SurferTim
It is both. To be honest, I learned of the Mikrotik-Group by 'playing' with the OS. Same way I figured out radius-default-domain. Set up a test. Use parameters that you would certainly be able to tell the profile was changed. Try not to affect any other profiles with the test if the router is in service.

I am certain that the router I play with would rather be anywhere but here. I torture it regularly. :D

Re: Radius & PPTP

Posted: Fri Jun 11, 2010 4:01 pm
by darencrew
I tried Mikrotik-Group it has no effect, with different operators ":=" "=" "=="

radius-default-domain is a hotspot parameter... so it has no effect on pptp server...

Another idea :(

Re: Radius & PPTP

Posted: Fri Jun 11, 2010 4:11 pm
by SurferTim
Just a thought. I checked the docs in the radius section, and "Mikrotik-Group" appears to apply only to "/user group" and "/ip hotspot user profile". :(

EDIT: I see your next post. Didn't want to add another post. If anyone can do it, it will be Chupaka.

Re: Radius & PPTP

Posted: Fri Jun 11, 2010 4:31 pm
by darencrew
Maybe Chupaka will have a magic idea... hope so...