-----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Paul Julian Sent: Wednesday, 22 March 2017 2:42 PM To: 'MikroTik Australia Public List' <public@talk.mikrotik.com.au> Subject: Re: [MT-AU Public] Mikrotik PPP Profile and Radius
Thanks Mike, yes aware of all of that but just hoping somebody might have known about an undocumented feature or something.
We are trying to do something a bit fancy for a specialised solution and hoping to pass some info back from radius which will help avoid using filters or mangle rules but allow us to use a profile.
Basically we need to bring two different types of VPN connections in from a whole lot of devices out in the field which have a local fixed WAN connection and a 4G connection, but we need to treat the two vpn's from each device differently and apply different source nat rules to traffic heading out of
so it only ever comes back through the same vpn interface.
Being able to allocate a profile to each type of VPN would have made it a lot easier, but it looks like we will have to do some traffic marking to achieve the result we need.
Regards Paul
-----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Mike Everest Sent: Wednesday, 22 March 2017 2:23 PM To: 'MikroTik Australia Public List' Subject: Re: [MT-AU Public] Mikrotik PPP Profile and Radius
Hi!
Supported Radius attributes in access-accept reply packet are documented here: https://wiki.mikrotik.com/wiki/Manual:RADIUS_Client#Access- Accept
Note that MikroTik-Group attribute can set default profile for hotspot users, but it does not work for ppp users. Depending on what functionality of
Local IP mostly, we need to differentiate between two different VPN tunnels coming into the same router so that we can sourcenat a different IP out each. Regards Paul -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Philip Loenneker Sent: Wednesday, 22 March 2017 5:26 PM To: MikroTik Australia Public List Subject: Re: [MT-AU Public] Mikrotik PPP Profile and Radius Which profile options are you needing to use, Paul? -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Paul Julian Sent: Wednesday, 22 March 2017 5:06 PM To: 'MikroTik Australia Public List' <public@talk.mikrotik.com.au> Subject: Re: [MT-AU Public] Mikrotik PPP Profile and Radius Hi Philip, yes it would but I am trying to avoid using mangle rules and the like if possible, I don't think we can get around it though..... Regards Paul -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Philip Loenneker Sent: Wednesday, 22 March 2017 5:02 PM To: MikroTik Australia Public List Subject: Re: [MT-AU Public] Mikrotik PPP Profile and Radius Would adding the IP assigned to the device to an address list help? That is a supported RADIUS attribute that I have used in the past to drop groups of services into particular queues. -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Mike Everest Sent: Wednesday, 22 March 2017 4:52 PM To: 'MikroTik Australia Public List' <public@talk.mikrotik.com.au> Subject: Re: [MT-AU Public] Mikrotik PPP Profile and Radius Mmm, yes - sounds like a job for packet mark feature ;) Cheers! Mike. them the
profile you want to access, you can probably find a way to achieve it using a combination of other attributes (like Framed-Pool and Mikrotik-Mark-Id etc)
What is it that you need to do that profile is a potential option?
Cheers, Mike.
-----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Paul Julian Sent: Wednesday, 22 March 2017 1:21 PM To: public@talk.mikrotik.com.au Subject: [MT-AU Public] Mikrotik PPP Profile and Radius
Hi All, just wondering if anybody has ever had any luck with being able to set the PPP Profile for a radius user by using a Radius reply attribute ?
People say it can't be done, there is no attribute listed in the AAA doco but hoping somebody might know of a way we could do it....
Thanks Paul _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com. au
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com. au
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com. au
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au