andresrv94
just joined
Topic Author
Posts: 3
Joined: Wed Aug 02, 2017 9:01 pm

Can't connect to User Manager with another interface than physical

Thu Aug 10, 2017 9:51 pm

Hi, I have a problem with User Manager.

I have User Manager installed in a router, let's call it A, and there are a lot of routers that provide service with PPPoE.

The routers ask router A to authenticate the users instead of using local secrets. I could make the system work, but I have a big problem. It doesn't work if, in the routers that ask for authentication, I don't select an IP address of the physical interface where router A answers.

This is a problem because I have a redundant network running OSPF, and if the interface which has the IP that I configure goes down, I could be reaching the router but the RADIUS server would be pointing to the IP of the down interface. I want to select a loopback interface of router A in the routers, but it doesn't work.

What I could see is that the routers send the request to the IP of the loopback interface of router A, and router A answers, but from the IP of the physical interface where the packet is going out. When this packet arrives at the router that made the request, it drops it because it comes from another IP.
 
ZeroByte
Forum Guru
Posts: 4047
Joined: Wed May 11, 2011 6:08 pm

Re: Can't connect to User Manager with another interface than physical

Thu Aug 10, 2017 10:26 pm

You need to use a loopback interface.

Create a bridge without adding any interfaces to it as ports.
Then put a unique /32 IP address onto the loopback interface.
Make sure this /32 is available in your OSPF routing table as well.

Then this IP address becomes the official IP address of the router.

Use that IP for RADIUS.
 
andresrv94
just joined
Topic Author
Posts: 3
Joined: Wed Aug 02, 2017 9:01 pm

Re: Can't connect to User Manager with another interface than physical

Thu Aug 10, 2017 10:47 pm

I have a loopback IP address configured in that way; it runs OSPF and is reachable.

I sniffed the flow and I can see that the request is sent by the NAS, then the RADIUS answers but with a different source address: the IP address of the physical interface instead of the loopback one.

Something like this:

IP Loopback NAS (brings PPPoE): 10.0.0.1
IP Loopback RADIUS (User Manager): 10.0.0.2

IP of physical interface of the router RADIUS: 192.168.1.20

The sequence is like this:
RADIUS REQUEST: Src Address: 10.0.0.1 --- Dst Address: 10.0.0.2
RADIUS ANSWER: Src Address: 192.168.1.20 --- Dst Address: 10.0.0.1
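
The mismatch shown in the sequence above can be picked out of a capture automatically. The following is an added example, not part of the original post and not MikroTik code: it pairs each RADIUS reply with its request by NAS address, NAS port and identifier, and reports replies whose source is not the address the NAS sent to. The UDP ports, identifiers and packet bytes are constructed; only the three IP addresses come from the post.

```python
import struct

ACCESS_REQUEST = 1
REPLY_CODES = {2: "Access-Accept", 3: "Access-Reject", 11: "Access-Challenge"}

def radius_header(payload):
    """Return (code, identifier) from a RADIUS header, or None if malformed."""
    if len(payload) < 20:          # code(1) + id(1) + length(2) + authenticator(16)
        return None
    code, ident, length = struct.unpack("!BBH", payload[:4])
    if length < 20 or length > len(payload):
        return None
    return code, ident

def find_source_mismatches(packets):
    """packets: (src_ip, src_port, dst_ip, dst_port, udp_payload) tuples in capture order."""
    pending = {}    # (client_ip, client_port, identifier) -> server IP the NAS addressed
    findings = []
    for src, sport, dst, dport, payload in packets:
        hdr = radius_header(payload)
        if hdr is None:
            continue
        code, ident = hdr
        if code == ACCESS_REQUEST:
            pending[(src, sport, ident)] = dst
        elif code in REPLY_CODES:
            expected = pending.pop((dst, dport, ident), None)
            if expected is not None and src != expected:
                findings.append({"nas": dst, "identifier": ident,
                                 "reply": REPLY_CODES[code],
                                 "expected_src": expected, "actual_src": src})
    return findings

def _pkt(code, ident):
    # Constructed 20-byte RADIUS packet: header plus zeroed authenticator, no attributes.
    return struct.pack("!BBH", code, ident, 20) + bytes(16)

# Constructed capture using the addresses from the post; ports and identifiers are assumed.
SAMPLE = [
    ("10.0.0.1", 49152, "10.0.0.2", 1812, _pkt(1, 7)),      # request to loopback
    ("192.168.1.20", 1812, "10.0.0.1", 49152, _pkt(2, 7)),  # reply from physical IP
    ("10.0.0.1", 49152, "10.0.0.2", 1812, _pkt(1, 8)),      # request to loopback
    ("10.0.0.2", 1812, "10.0.0.1", 49152, _pkt(3, 8)),      # reply from loopback
]

if __name__ == "__main__":
    for finding in find_source_mismatches(SAMPLE):
        print(finding)
```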
 
ambo
just joined
Posts: 6
Joined: Wed Oct 22, 2008 9:50 am

Re: Can't connect to User Manager with another interface than physical

Fri Jan 08, 2021 11:52 am

Anyone found a solution to this?
