Ivan Kalik wrote:
A: I have a set of "master" tunnel attributes that I always have to send to this Telco. i.e. Service-type, Tunnel-Type, Tunnel-Preference, Tunnel-password, Tunnel-Server-Endpoint..etc The way this Telco obtains these attributes is by sending the Username/Password combination my way. (i.e. I need to authenticate userxyz@telco.com). Once I see that user come through from their boxes (3 Static IPs) I have to send back to them the tunnel attributes above. Once the tunnel attributes were sent, they establish an L2TP tunnel to my LNS and my LNS now asks my Radius server again to authenticate the user. So I see the same userxyz@telco.com requesting to be authenticated. Since I currently cannot distinguish between NASes I am sending the same Tunnel Attributes to my LNS which causes my LNS to try to initiate a tunnel back to itself (because the Tunnel-Server-Endpoint attribute is the actual LNS). ++++++++++++++++++++++++++++++++++++++
This is very strange.
No, that's a pretty standard setup for resold ADSL, certainly in the UK and I think other countries as well.
That information should be on telco radius server, not yours. It should not have to proxy requests to you. They ought to know the tunnel endpoint - *they* gave you the IP to set on your router when they leased you the line.
From the sound of it, it's not a leased line or similar; as I say, resold ADSL generally works this way.