Community discussions

MikroTik App
 
papayeya
just joined
Topic Author
Posts: 13
Joined: Thu Apr 28, 2022 3:55 am

Forwarding Radius authentication traffic to specific WAN

Tue Nov 28, 2023 5:39 am

Greetings,

I have 2 WANS that I,want it to be bonded

WAN 1 has public IP
WAN 2 has private IP


I have also an external radius server in a,different country

We can receive only the authentication traffic and messages via the public IP port (WAN 1)

Therefore when we bond the 2 WANs how we can forward the authentication traffic through WAN 1 and the interenet traffic can flow from both WAN 1 & 2?



Thanks in advance
Last edited by holvoetn on Wed Nov 29, 2023 1:04 am, edited 1 time in total.
Reason: Typo in title
 
sindy
Forum Guru
Forum Guru
Posts: 10192
Joined: Mon Dec 04, 2017 9:19 pm

Re: Forwarding Radisu authentication traffic to specific WAN

Wed Nov 29, 2023 1:00 am

Simply by adding a /32 route to the address of the RADIUS server via WAN 1 gateway to all routing tables, so regardless which routing table the "bonding" (actually, it's most likely load distribution) chooses, the packets to the RADIUS server will always go via WAN 1.
 
LdB
Member Candidate
Member Candidate
Posts: 141
Joined: Thu May 20, 2021 4:23 pm

Re: Forwarding Radius authentication traffic to specific WAN

Wed Nov 29, 2023 4:44 am

It's actually easier than that on the radius setup you can set a source IP (on winbox it's the last entry right down the bottom).

So just set WAN1 public IP as the source IP for the radius server and it will exit that interface.
 
sindy
Forum Guru
Forum Guru
Posts: 10192
Joined: Mon Dec 04, 2017 9:19 pm

Re: Forwarding Radius authentication traffic to specific WAN

Wed Nov 29, 2023 10:07 am

So just set WAN1 public IP as the source IP for the radius server and it will exit that interface.
It doesn't work this simple. The regular routing only takes into account the destination address. So without adding a routing rule or a mangle rule that would order which routing table to use based on the source address, forcing a particular source address is not sufficient to make a packet always leave through the interface to which that source address is attached.

And for this particular case, a /32 route seemed simpler to me than a dedicated routing table and a corresponding routing rule. But from 4 routing tables up, adding a 5th one this way requires less configuration rows than adding the same route to all the other tables.

Who is online

Users browsing this forum: Amazon [Bot] and 44 guests