Just set 'called-server-id' in radius checks so that you can make sure only those allowed can successfully auth :)
-----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Paul Julian Sent: Thursday, 23 March 2017 7:31 AM To: 'MikroTik Australia Public List' <public@talk.mikrotik.com.au> Subject: Re: [MT-AU Public] Mikrotik PPP Profile and Radius
But how to connect 20+ clients to a different PPTP server instance on the same router ? You need to specify the user for each PPTP server instance :-(
Being able to connect say 20 VPN's to one PPTP server instance on a router and 20 to another would work for me, but they have to be on the same router and unless they all connect with the same user ID which wouldn't work I Can't see how I could differentiate them from the server side.
I thought about a metarouter instance but don't have enough spare RAM on the box.....
Regards Paul
-----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Mike Everest Sent: Wednesday, 22 March 2017 11:24 PM To: 'MikroTik Australia Public List' Subject: Re: [MT-AU Public] Mikrotik PPP Profile and Radius
Ah! OK, in that case, a second pptp on a different IP address then?
Cheers, Mike.
-----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Paul Julian Sent: Wednesday, 22 March 2017 10:09 PM To: 'MikroTik Australia Public List' <public@talk.mikrotik.com.au> Subject: Re: [MT-AU Public] Mikrotik PPP Profile and Radius
Thanks for the suggestion Mike but we need PPTP VPN not PPPOE :-(
Regards Paul
-----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Mike Everest Sent: Wednesday, 22 March 2017 6:43 PM To: 'MikroTik Australia Public List' Subject: Re: [MT-AU Public] Mikrotik PPP Profile and Radius
What about running a different pppoe server for each service class, differentiated by service name? That way you can use ppp profile on server side, then select the server from the ppp client.
Cheers!
-----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Paul Julian Sent: Wednesday, 22 March 2017 5:36 PM To: 'MikroTik Australia Public List' <public@talk.mikrotik.com.au> Subject: Re: [MT-AU Public] Mikrotik PPP Profile and Radius
Local IP mostly, we need to differentiate between two different VPN tunnels coming into the same router so that we can sourcenat a different IP out each.
Regards Paul
-----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Philip Loenneker Sent: Wednesday, 22 March 2017 5:26 PM To: MikroTik Australia Public List Subject: Re: [MT-AU Public] Mikrotik PPP Profile and Radius
Which profile options are you needing to use, Paul?
-----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Paul Julian Sent: Wednesday, 22 March 2017 5:06 PM To: 'MikroTik Australia Public List' <public@talk.mikrotik.com.au> Subject: Re: [MT-AU Public] Mikrotik PPP Profile and Radius
Hi Philip, yes it would but I am trying to avoid using mangle rules and the like if possible, I don't think we can get around it though.....
Regards Paul
-----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Philip Loenneker Sent: Wednesday, 22 March 2017 5:02 PM To: MikroTik Australia Public List Subject: Re: [MT-AU Public] Mikrotik PPP Profile and Radius
Would adding the IP assigned to the device to an address list help? That is a supported RADIUS attribute that I have used in the past to drop groups of services into particular queues.
-----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Mike Everest Sent: Wednesday, 22 March 2017 4:52 PM To: 'MikroTik Australia Public List' <public@talk.mikrotik.com.au> Subject: Re: [MT-AU Public] Mikrotik PPP Profile and Radius
Mmm, yes - sounds like a job for packet mark feature ;)
Cheers!
Mike.
-----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Paul Julian Sent: Wednesday, 22 March 2017 2:42 PM To: 'MikroTik Australia Public List' <public@talk.mikrotik.com.au> Subject: Re: [MT-AU Public] Mikrotik PPP Profile and Radius
Thanks Mike, yes aware of all of that but just hoping somebody might have known about an undocumented feature or something.
We are trying to do something a bit fancy for a specialised solution and hoping to pass some info back from radius which will help avoid using filters or mangle rules but allow us to use a profile.
Basically we need to bring two different types of VPN connections in from a whole lot of devices out in the field which have a local fixed WAN connection and a 4G connection, but we need to treat the two vpn's from each device differently and apply different source nat rules to traffic heading out of them so it only ever comes back through the same vpn interface.
Being able to allocate a profile to each type of VPN would have made it a lot easier, but it looks like we will have to do some traffic marking to achieve the result we need.
Regards Paul
-----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Mike Everest Sent: Wednesday, 22 March 2017 2:23 PM To: 'MikroTik Australia Public List' Subject: Re: [MT-AU Public] Mikrotik PPP Profile and Radius
Hi!
Supported Radius attributes in access-accept reply packet are documented here: https://wiki.mikrotik.com/wiki/Manual:RADIUS_Client#Access- Accept
Note that MikroTik-Group attribute can set default profile for hotspot users, but it does not work for ppp users. Depending on what functionality of the profile you want to access, you can probably find a way to achieve it using a combination of other attributes (like Framed-Pool and Mikrotik-Mark-Id etc)
What is it that you need to do that profile is a potential option?
Cheers, Mike.
-----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Paul Julian Sent: Wednesday, 22 March 2017 1:21 PM To: public@talk.mikrotik.com.au Subject: [MT-AU Public] Mikrotik PPP Profile and Radius
Hi All, just wondering if anybody has ever had any luck with being able to set the PPP Profile for a radius user by using a Radius reply attribute ?
People say it can't be done, there is no attribute listed in the AAA doco but hoping somebody might know of a way we could do it....
Thanks Paul _______________________________________________ Public mailing list Public@talk.mikrotik.com.au
http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.
au
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au
http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.
au
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au
http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.
au
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com. au
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com. au
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com. au
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com. au
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com. au
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com. au
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com. au
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au