Community discussions

 
User avatar
ziegenberg
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 52
Joined: Thu Mar 07, 2013 11:14 am
Location: Vienna
Contact:

Assign specific RADIUS to specific PPP Profile (L2TP)

Fri Apr 10, 2015 2:27 pm

For each PPP secret I can assign a specific PPP profile (with different local and remote address, different DNS and WINS server), but if I have different RADIUS clients configured, I can't not specify which PPP profile is used.

Example:
Two PPP Profiles:
name="L2TP-Profile 1" local-address=192.168.104.254 remote-address=dhcp_VPN_L2TP-RoadWarrior_1 remote-ipv6-prefix-pool=*0 use-ipv6=no use-mpls=yes use-compression=default use-vj-compression=default use-encryption=yes only-one=default change-tcp-mss=yes address-list="" dns-server=192.168.104.1 wins-server=192.168.104.1 

name="L2TP-Profile 2" local-address=10.9.5.254 remote-address=dhcp_VPN_L2TP-RoadWarrior_2 remote-ipv6-prefix-pool=*0 use-ipv6=no use-mpls=yes use-compression=default use-vj-compression=default use-encryption=required only-one=default change-tcp-mss=yes address-list="" dns-server=192.168.10.1 wins-server=192.168.10.1
Two different RADIUS clients:
/radius
add address=192.168.104.1 comment="IPsec L2TP RoadWarrior VPN 1" secret=mySecret service=ppp
add address=192.168.10.1 comment="IPsec L2TP RoadWarrior VPN 2" secret="myOtherSecret" service=ppp
If a client now connects and get's authenticated by Radius 1 it is assigned an IP from PPP Profile "L2TP-Profile 1". That's perfectly fine.
If a client now connects and get's authenticated by Radius 2 it is also assigned an IP from PPP Profile "L2TP-Profile 1" but I want him to be in the other Profile to be in another network with different settings.

Any solutions?
 
User avatar
ZeroByte
Forum Guru
Forum Guru
Posts: 4051
Joined: Wed May 11, 2011 6:08 pm

Re: Assign specific RADIUS to specific PPP Profile (L2TP)

Fri Apr 10, 2015 5:28 pm

You should use the radius return-attributes to specify profile.
Then in server1, you specify one profile, and in server2, you specify the other.
I'm not sure what attribute to use but I'm sure a search should yield results.

http://wiki.mikrotik.com/wiki/Manual:RA ... Attributes

It looks like Mikrotik-Group might be promising.

But you don't really need to use the groups because the RADIUS server can specify the address, dns server, wins server, etc.
When given a spoon,
you should not cling to your fork.
The soup will get cold.
 
geduxas
just joined
Posts: 2
Joined: Thu Aug 10, 2017 10:42 am

Re: Assign specific RADIUS to specific PPP Profile (L2TP)

Thu Aug 10, 2017 10:44 am

Hi, do you found a solution? I am in same question. But as i read Radius profile is only for hotspot and login feature..
 
User avatar
ZeroByte
Forum Guru
Forum Guru
Posts: 4051
Joined: Wed May 11, 2011 6:08 pm

Re: Assign specific RADIUS to specific PPP Profile (L2TP)

Thu Aug 10, 2017 6:21 pm

No, RADIUS is a general-purpose AAA mechanism which can be used in many applications.

RADIUS works in any application where you have several devices requiring logins, but one centralized user database. (Assuming the login mechanism supports RADIUS authentication).
When given a spoon,
you should not cling to your fork.
The soup will get cold.

Who is online

Users browsing this forum: Google [Bot] and 53 guests