Community discussions

 
reeeq
just joined
Topic Author
Posts: 16
Joined: Tue Apr 28, 2009 5:25 pm

mikrotik framed-ip-address and framed-ip-pool bug

Wed Apr 29, 2009 3:09 pm

Hello,

any other ever experienced that the mikrotik will be locked / hang when it received framed-ip-address or framed-ip-pool reply from radius.

i tried on mikrotik 3.23, 3.22, i guess all of 3.x have that bug,
because it is not happened on mikrotik 2.9.51.

any confirmation please,

thank you
 
User avatar
magic
Frequent Visitor
Frequent Visitor
Posts: 52
Joined: Fri Mar 04, 2005 9:53 pm
Location: Sopron, Hungary
Contact:

Re: mikrotik framed-ip-address and framed-ip-pool bug

Wed Apr 29, 2009 4:27 pm

Hi,

It works fine for me both in 3.22 and 3.23.
Krisztian Gancs
RLAN Internet Ltd.
http://www.rlan.hu
 
reeeq
just joined
Topic Author
Posts: 16
Joined: Tue Apr 28, 2009 5:25 pm

Re: mikrotik framed-ip-address and framed-ip-pool bug

Wed Apr 29, 2009 5:34 pm

Hi,

what kind attribute did you use for 3.22 or 3.23,
since i even tried it with userman, but the result is the same, the mikrotik lock up.

i have make sure that the pool name already exist on mikrotik (when i used framed-ip-pool), and do make sure that the ip static that i want to assign are available too (when i used framed-ip-address).

anyway, the same configuration does work on 2.9.51.

or maybe there are some conflicting package on the mikrotik,
i installed all packages on the mikrotik except xen package.

thank you
 
reeeq
just joined
Topic Author
Posts: 16
Joined: Tue Apr 28, 2009 5:25 pm

Re: mikrotik framed-ip-address and framed-ip-pool bug

Wed Apr 29, 2009 8:39 pm

And what service did you used ?
ppp or hotspot ?

i'm currently have the problem on hotspot service,
the router will lock when a user that has ip assign or pool assign from radius trying to login.
 
SurferTim
Forum Guru
Forum Guru
Posts: 4637
Joined: Mon Jan 07, 2008 10:31 pm
Location: Miramar Beach, Florida

Re: mikrotik framed-ip-address and framed-ip-pool bug

Wed Apr 29, 2009 10:56 pm

I checked the "Framed-Pool" value on a RB433AH and FreeRADIUS. It works. See this post:
http://forum.mikrotik.com/viewtopic.php?f=2&t=31374

ADD: I just checked the "Framed-Pool" on the DHCP server also. It assigned the correct ip pool. No lockup. Tried the same setup with a hotspot on the interface. RADIUS issued the Framed-Pool, and the user/password for the login. Also no lockup.
 
reeeq
just joined
Topic Author
Posts: 16
Joined: Tue Apr 28, 2009 5:25 pm

Re: mikrotik framed-ip-address and framed-ip-pool bug

Thu Apr 30, 2009 7:48 am

I already read this post,
and i know that when the framed-ip-pool assign it will be on one-to-one nat.

on my 2.9.51 it works,
but not with 3.x,
trying on other hardware, trying on usermanager as radius,
nothing work when you assign frame-ip-pool or frame-ip-address, it will lock the mikrotik.

anyone else has this experience ?
 
SurferTim
Forum Guru
Forum Guru
Posts: 4637
Joined: Mon Jan 07, 2008 10:31 pm
Location: Miramar Beach, Florida

Re: mikrotik framed-ip-address and framed-ip-pool bug

Thu Apr 30, 2009 10:51 am

I know that is a typo, isn't it? It is not "framed-ip-pool", just "Framed-Pool", correct? I just checked it again on a RB433AH V3.13 with hotspot and dhcp. Works fine. No lock.

I know. I have heard it before. I guess I am just lucky... :D
 
reeeq
just joined
Topic Author
Posts: 16
Joined: Tue Apr 28, 2009 5:25 pm

Re: mikrotik framed-ip-address and framed-ip-pool bug

Thu Apr 30, 2009 10:56 am

yups,
typo :p i meant frame-pool,
btw SurferTim,
would you test your MT box by using radius from built in usermanager ?
is it working fine too ?

thk u
 
SurferTim
Forum Guru
Forum Guru
Posts: 4637
Joined: Mon Jan 07, 2008 10:31 pm
Location: Miramar Beach, Florida

Re: mikrotik framed-ip-address and framed-ip-pool bug

Thu Apr 30, 2009 11:09 am

Unfortunately, I do not use the UserManager. I use FreeRADIUS. I use a diagnostic program included with FreeRADIUS called radtest to insure the server is returning the correct values before attempting any tests. I do not know if the same feature exists for the UserManager.

I do know that most RADIUS releases will not return a value if that value is not listed in the RADIUS dictionary, so incorrect spelling or caps should not cause a problem, it just won't return that value. That causes a problem only if another value returned depends on that value getting through.

ADD: Is you UserManager installed on the same device that is failing?
Last edited by SurferTim on Thu Apr 30, 2009 11:21 am, edited 1 time in total.
 
reeeq
just joined
Topic Author
Posts: 16
Joined: Tue Apr 28, 2009 5:25 pm

Re: mikrotik framed-ip-address and framed-ip-pool bug

Thu Apr 30, 2009 11:18 am

Yes, the same like mine, i'm using freeradius too,
i tried freeradius and usermanager as radius server on MT 2.9.51, worked.
i tried freeradius and usermanager as radius server on MT 3.22, 3.21, the MT hang.

you could get the usermanager on you MT by installing usermanager package for your version,
logging in to usermanager using http://yourMTipaddress/userman (if you still using port 80 as your http port),
create some user with pool or ip static assigned,
create router(NAS) with ip 127.0.0.1 and somesecretNAS,
pointing your hotspot profile to 127.0.0.1 and same secretNAS,
and tried to logging in the user that created by usermanager via hotspot interface.
 
SurferTim
Forum Guru
Forum Guru
Posts: 4637
Joined: Mon Jan 07, 2008 10:31 pm
Location: Miramar Beach, Florida

Re: mikrotik framed-ip-address and framed-ip-pool bug

Thu Apr 30, 2009 11:23 am

Well, if you are using FreeRADIUS, how does radtest work with the request from it? From a shell
radtest user password 127.0.0.1 0 radiussecret
Is it returning what you expect?

ADD: If you do not return the Framed-Pool value, does the MT box still lock? And all the IP pools are in the localnet for the hotspot interface, correct? And none overlap?
 
reeeq
just joined
Topic Author
Posts: 16
Joined: Tue Apr 28, 2009 5:25 pm

Re: mikrotik framed-ip-address and framed-ip-pool bug

Thu Apr 30, 2009 12:20 pm

Yes,
of course, radtest to freeradius returning the attribute that i want to for frame-pool and frame-ip-pool,
the freeradius frame-pool and frame-ip-address working fine on 2.9.51.

When i didnt use frame-pool or frame-ip-address reply to MT 3.22, 3.23, all working fine (no lock up).


any suggestion or information from MT guy ?
 
SurferTim
Forum Guru
Forum Guru
Posts: 4637
Joined: Mon Jan 07, 2008 10:31 pm
Location: Miramar Beach, Florida

Re: mikrotik framed-ip-address and framed-ip-pool bug

Thu Apr 30, 2009 12:25 pm

If you want faster response, generate a supout.rif file and email it to support (at) mikrotik.com with a brief explanation of the problem. I would do it right now, before they go home for the weekend!!
 
reeeq
just joined
Topic Author
Posts: 16
Joined: Tue Apr 28, 2009 5:25 pm

Re: mikrotik framed-ip-address and framed-ip-pool bug

Thu Apr 30, 2009 12:34 pm

Thank You SurferTim,
anyway i tried to downgrade to 3.13, and it is working !!
thank you for your previous post that mention you are using 3.13,
i'm gonna try another version of MT 3.x,
making it sure.
 
SurferTim
Forum Guru
Forum Guru
Posts: 4637
Joined: Mon Jan 07, 2008 10:31 pm
Location: Miramar Beach, Florida

Re: mikrotik framed-ip-address and framed-ip-pool bug

Thu Apr 30, 2009 12:42 pm

I know what you mean... That is why I always try to include what hardware/software I am using this on. Sometimes that is the key. I would recommend generating a supout.rif file, and email it to support, and certainly if it works on V3.13, and not on the later versions.

The MikroTik crew tried to get me to update my boxes to V3.22 in the middle of my SnowBird season. I politely refused, citing the potential for a very angry mob storming my house in the middle of the night if the update fails.
 
reeeq
just joined
Topic Author
Posts: 16
Joined: Tue Apr 28, 2009 5:25 pm

Re: mikrotik framed-ip-address and framed-ip-pool bug

Thu Apr 30, 2009 1:17 pm

Here is my conclusion (not the absolute one :p),
previous version of 3.13 will work with hotspot frame-pool and frame-ip-address (i tried on 3.13,3.10, 2.9.51)
and will fail (MT box will hang) if I use version after 3.13 ( i tried on 3.15, 3.16, 3.22, until the newest one 3.23).

maybe the information can help any one who face the same problem :)

thks
 
User avatar
omega-00
Forum Guru
Forum Guru
Posts: 1167
Joined: Sat Jun 06, 2009 4:54 am
Location: Australia
Contact:

Re: mikrotik framed-ip-address and framed-ip-pool bug

Thu Apr 30, 2009 2:38 pm

hehe surfertim I know your feeling exactly :-)

I should look at some way to drop both a copy of the current MT package (stored in a temp folder) and a newer one on a router, and force it to downgrade 5 minutes after reboot if the startup script is not disabled or removed.

This would mean we could test back in the office (to confirm the mikrotik package applied and didn't brick the router) then attempt on a remote device, if it we can't access it within 5 minutes of it starting it then will run the downgrade script to pull the old package file out of the folder and then downgrade/reboot to previous settings.

Works in theory I guess but theres still a level of risk as you're running a downgrade on a system that may now be broken.
 
Ozelo
Member
Member
Posts: 338
Joined: Fri Jun 02, 2006 3:56 am

Re: mikrotik framed-ip-address and framed-ip-pool bug

Mon May 04, 2009 4:09 pm

Dear all,


We don't know really if it is all about irregular radius attributes, but last weekend we faced something new. After a abnormal behavior of our freeradius suddenly many of our devices stuck within the IP POOL facility. We would like to know if anyone are facing a similar problem shown in the screenshot below:

Image

We contacted support, both screenshot and supout files was sent. Hope we can solve this problem ASAP. We just think that MT ROS could be more robust against such a abnormal behavior.


Thanks
Ozelo
MTCRE - 1104RE006
MTCINE - 1104INE001
 
Ozelo
Member
Member
Posts: 338
Joined: Fri Jun 02, 2006 3:56 am

Re: mikrotik framed-ip-address and framed-ip-pool bug

Mon May 04, 2009 8:11 pm

Ok folks, Ive found part of the problem. MT ROS IP Pool facility started a endless loop when there was an entry with EMPTY INFO, as shown above. It will eventually lock your board. In my case, MT goes crazy just because our radius was abnormally sending access-accept for empty user and password packets. IF you prevent blank entries on the ROS ip pool facility, this problem don't happen. My case!

Thanks
Ozelo
MTCRE - 1104RE006
MTCINE - 1104INE001

Who is online

Users browsing this forum: MSN [Bot] and 124 guests