I could but it would mean doing packet marking of some description to get the data into the VRF, I could just do that with static routes if I really wanted to, but I am dealing with a lot of these VPN's and need everything to be more dynamic. Using a dynamic address list would work, I am just trying to avoid using any packet processing but I don't think there is any way around it :-( Regards Paul -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Stephen Schwetz Sent: Wednesday, 22 March 2017 7:17 PM To: MikroTik Australia Public List Subject: Re: [MT-AU Public] Mikrotik PPP Profile and Radius Couldn't you allocate each vpn to a seperate vrf? On 22 Mar 2017 6:44 PM, "Mike Everest" <mike@duxtel.com> wrote:
What about running a different pppoe server for each service class, differentiated by service name? That way you can use ppp profile on server side, then select the server from the ppp client.
Cheers!
-----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Paul Julian Sent: Wednesday, 22 March 2017 5:36 PM To: 'MikroTik Australia Public List' <public@talk.mikrotik.com.au> Subject: Re: [MT-AU Public] Mikrotik PPP Profile and Radius
Local IP mostly, we need to differentiate between two different VPN tunnels coming into the same router so that we can sourcenat a different IP out each.
Regards Paul
-----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Philip Loenneker Sent: Wednesday, 22 March 2017 5:26 PM To: MikroTik Australia Public List Subject: Re: [MT-AU Public] Mikrotik PPP Profile and Radius
Which profile options are you needing to use, Paul?
-----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Paul Julian Sent: Wednesday, 22 March 2017 5:06 PM To: 'MikroTik Australia Public List' <public@talk.mikrotik.com.au> Subject: Re: [MT-AU Public] Mikrotik PPP Profile and Radius
Hi Philip, yes it would but I am trying to avoid using mangle rules and the like if possible, I don't think we can get around it though.....
Regards Paul
-----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Philip Loenneker Sent: Wednesday, 22 March 2017 5:02 PM To: MikroTik Australia Public List Subject: Re: [MT-AU Public] Mikrotik PPP Profile and Radius
Would adding the IP assigned to the device to an address list help? That is a supported RADIUS attribute that I have used in the past to drop groups of services into particular queues.
-----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Mike Everest Sent: Wednesday, 22 March 2017 4:52 PM To: 'MikroTik Australia Public List' <public@talk.mikrotik.com.au> Subject: Re: [MT-AU Public] Mikrotik PPP Profile and Radius
Mmm, yes - sounds like a job for packet mark feature ;)
Cheers!
Mike.
-----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Paul Julian Sent: Wednesday, 22 March 2017 2:42 PM To: 'MikroTik Australia Public List' <public@talk.mikrotik.com.au> Subject: Re: [MT-AU Public] Mikrotik PPP Profile and Radius
Thanks Mike, yes aware of all of that but just hoping somebody might have known about an undocumented feature or something.
We are trying to do something a bit fancy for a specialised solution and hoping to pass some info back from radius which will help avoid using filters or mangle rules but allow us to use a profile.
Basically we need to bring two different types of VPN connections in from a whole lot of devices out in the field which have a local fixed WAN connection and a 4G connection, but we need to treat the two vpn's from each device differently and apply different source nat rules to traffic heading out of them so it only ever comes back through the same vpn interface.
Being able to allocate a profile to each type of VPN would have made it a lot easier, but it looks like we will have to do some traffic marking to achieve the result we need.
Regards Paul
-----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Mike Everest Sent: Wednesday, 22 March 2017 2:23 PM To: 'MikroTik Australia Public List' Subject: Re: [MT-AU Public] Mikrotik PPP Profile and Radius
Hi!
Supported Radius attributes in access-accept reply packet are documented here: https://wiki.mikrotik.com/wiki/Manual:RADIUS_Client#Access- Accept
Note that MikroTik-Group attribute can set default profile for hotspot users, but it does not work for ppp users. Depending on what functionality of the profile you want to access, you can probably find a way to achieve it using a combination of other attributes (like Framed-Pool and Mikrotik-Mark-Id etc)
What is it that you need to do that profile is a potential option?
Cheers, Mike.
-----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Paul Julian Sent: Wednesday, 22 March 2017 1:21 PM To: public@talk.mikrotik.com.au Subject: [MT-AU Public] Mikrotik PPP Profile and Radius
Hi All, just wondering if anybody has ever had any luck with being able to set the PPP Profile for a radius user by using a Radius reply attribute ?
People say it can't be done, there is no attribute listed in the AAA doco but hoping somebody might know of a way we could do it....
Thanks Paul _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk. mikrotik.com. au
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com. au
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com. au
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.co m.au
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.co m.au
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.co m.au
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.co m.au
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.co m.au
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com. au
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au