Hello all,
I need help setting up an environment to deliver the best solution to my internal network. Now I have several Freeradius servers running and all of them are redundant. They use SQL for authentication, authorization and accounting purposes and I am running a SQL IPPool for my NAS. I need sqlippool and I need SQL as well. I also need to have several Mikrotik PPPoE NAS running in an array where they can respond redundantly. This is my actual network layout (I am not lining up my physical network so the drawing is not too big):
For the layout I have in the same physical area the communication running over ethernet or fiber. I am using Simultaneous-Use and it's working fine. My problem is to identify if that simultaneous check is true! Why? Because for some reason a Mikrotik sometimes shuts down (power problems, for example, or a person takes the power cord off the NAS). I know, this is extreme, but I need to be prepared for that.
So I thought of using checkrad. It works fine (SNMP, telnet is not working and I am not a Perl programmer so I was not able to solve the problem) when I have some connections running one after another, like, 10 PPPoE tunnels and I can start them one at a time. When they all start together (even though they are just 10 sessions) checkrad hangs and lets people connect simultaneously. Worse than the simultaneous connections is that Freeradius/Checkrad takes too much time to let people connect. Without checkrad it takes like 6 seconds to let 10 sessions in, writing down Accounting-Request as fast as it can. When I use checkrad it takes 50/55 seconds to let people in and they all have simultaneous connections. Besides that my sqlippool gets all messed up, I think, because the accounting is taking too long to write down, so I have the same IP set to two different users.
What else can I do to solve the problem when my customers come from one NAS and they get stuck there because of a power failure, for example, and they need to connect to another NAS? This would be the scenario:
So all the customers connected to NAS01 are able to connect to NAS02-04 but they are blocked on Simultaneous-Use until NAS01 returns online and sends an Accounting-On.
The second problem is physical too. Imagine that for some reason NAS04 loses its ethernet connection to the internet and to the Freeradius AT THE SAME TIME - remember those servers are all in the same physical space - (like an ethernet cable unplugged or a mistaken setup of a VLAN in a switch, or anything else that can make the NAS lose its connection to the physical network). In this case my customers' tunnels would still be on but they cannot reach the internet or Freeradius, and if they drop their connection (reboot a customer device) they will be stuck in RadAcct and Simultaneous-Use will block them. This would be the layout:
So, what can I do to solve the problem? Is there anyone with the same problem?
Freeradius 2.x
Mikrotik 6.2
PS: There is a guy with a lot of topics on checkrad (savage) who could help me but I have not been able to get in direct contact.
Best Regards,
Nataniel Klug
Certto - Cascavel/PR/Brazil