Neville nev at
Sat May 23 00:39:32 CEST 2009

Firstly, let me apologies now for asking what is most probably a simple question to you long standing veterans of freeRADIUS.

I've search the INTERNET for 5 days now and late into the evening, but I'm totally stumped in resolving my problem, so I would appreciate any guidance from the experts.  I've configured as per the many guides I've found and have a basic understanding of how this all works, but there is no information anywhere on how to setup the Users / Client details for freeRADIUS.

I've been using poptop (pptpd) server for several weeks, with great success, but now I wish to introduce freeRADIUS.

The problem, I'm facing is the allocation of IP address / GW / DNS by freeRADIUS for the VPN connections coming onto my server.

my service PrivateIP address is

I've iptables setup to forward all NAT traffic through the PRIVATEIP, but allocation of a GW of and a Client IP of

However, when I connect and freeRADIUS authenticates me SUCCESSFULLY. I get given a IP of from the test_pool, but pool range-start = range-stop = which is totally different to the address allocated by the pool. ANY IDEAS?


May 22 21:49:13 server pppd[765]: MPPE 128-bit stateless compression enabled
May 22 21:49:15 server pppd[765]: Cannot determine ethernet address for proxy ARP
May 22 21:49:15 server pppd[765]: local  IP address
May 22 21:49:15 server pppd[765]: remote IP address

radiusd -X

rad_recv: Access-Request packet from host port 34510, id=245, length=133
        Service-Type = Framed-User
        Framed-Protocol = PPP
        User-Name = "test1"
        MS-CHAP-Challenge = 0xd4fd1b2f3b03fa424ae2ccc6dcd11029
        MS-CHAP2-Response = 0x87001d6e9a747c3545dd123d19c410c037be00000000000000002b9c7e96783abd1954a72ae8f4bc4733b1470477ba725366
        NAS-IP-Address =
        NAS-Port = 0
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log]      expand: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /usr/local/var/log/radius/radacct/
[auth_log] /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/
[auth_log]      expand: %t -> Fri May 22 22:46:15 2009
++[auth_log] returns ok
++[chap] returns noop
[mschap] Found MS-CHAP attributes.  Setting 'Auth-Type  = mschap'
++[mschap] returns ok
[suffix] No '@' in User-Name = "test1", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
[files] users: Matched entry DEFAULT at line 70
[files] users: Matched entry test1 at line 77
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = MSCHAP
+- entering group MS-CHAP {...}
[mschap] Told to do MS-CHAPv2 for test1 with NT-Password
[mschap] adding MS-CHAPv2 MPPE keys
++[mschap] returns ok
+- entering group post-auth {...}
[test_pool]     expand: %{NAS-IP-Address} %{NAS-Port} -> 0
[test_pool] MD5 on 'key' directive maps to: ee0282d57992a30bce29ea43d092ac16
[test_pool] Searching for an entry for key: 'ee0282d57992a30bce29ea43d092ac16'
rlm_ippool: Allocating ip to key: 'ee0282d57992a30bce29ea43d092ac16'
[test_pool] num: 1
[test_pool] Allocated ip to client key: ee0282d57992a30bce29ea43d092ac16
++[test_pool] returns ok
++[exec] returns noop
Sending Access-Accept of id 245 to port 34510
        Service-Type = Framed-User
        Session-Timeout = 65000
        Framed-Protocol = PPP
        Framed-MTU = 1400
        MS-CHAP2-Success = 0x87533d46313037374533443535323430343534463737333338463639364534383642374434433244333842
        MS-MPPE-Recv-Key = 0x5a21400d6e5601f9c7201a94d401eefb
        MS-MPPE-Send-Key = 0x14eadb5ada027ccdd63a6cf372f0defd
        MS-MPPE-Encryption-Policy = 0x00000001
        MS-MPPE-Encryption-Types = 0x00000006
        Framed-IP-Address =
        Framed-IP-Netmask =
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Accounting-Request packet from host port 43515, id=246, length=97
        Acct-Session-Id = "4A172B390A9300"
        User-Name = "test1"
        Acct-Status-Type = Start
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Acct-Authentic = RADIUS
        NAS-Port-Type = Async
        Framed-IP-Address =
        NAS-IP-Address =
        NAS-Port = 0
        Acct-Delay-Time = 0
+- entering group preacct {...}
++[preprocess] returns ok
[acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address =,NAS-IP-Address =,Acct-Session-Id = "4A172B390A9300",User-Name = "test1"'
[acct_unique] Acct-Unique-Session-ID = "29e101f9a598e8fe".
++[acct_unique] returns ok
[suffix] No '@' in User-Name = "test1", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[files] returns noop
+- entering group accounting {...}
[detail]        expand: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /usr/local/var/log/radius/radacct/
[detail] /usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/
[detail]        expand: %t -> Fri May 22 22:46:17 2009
++[detail] returns ok
++[unix] returns ok
[radutmp]       expand: /usr/local/var/log/radius/radutmp -> /usr/local/var/log/radius/radutmp
[radutmp]       expand: %{User-Name} -> test1
++[radutmp] returns ok
[test_pool] This is not an Accounting-Stop. Return NOOP.
++[test_pool] returns noop
[attr_filter.accounting_response]       expand: %{User-Name} -> test1
 attr_filter: Matched entry DEFAULT at line 12
++[attr_filter.accounting_response] returns updated
Sending Accounting-Response of id 246 to port 43515
Finished request 1.
Cleaning up request 1 ID 246 with timestamp +44
Going to the next request
Waking up in 2.9 seconds.
Cleaning up request 0 ID 245 with timestamp +42
Ready to process requests.

freeRADIUS Configurations


DEFAULT Pool-Name := test_pool
        Fall-Through = Yes

test1 Cleartext-Password := "test1"
        Service-Type = Framed-User,
        Session-Timeout = 65000,
        Framed-Protocol = PPP,
        Framed-MTU = 1400,

ippool module

ippool test_pool {
        range-start =
        range-stop =
        netmask =
        cache-size = 800
        session-db = ${db_dir}/db.ippool
        ip-index = ${db_dir}/db.ipindex
        override = no
        maximum-timeout = 0
        #key = "%{NAS-IP-Address} %{NAS-Port}"

POPTOP Configuration Files


name pptpd


ppp /usr/sbin/pppd
option /etc/ppp/options.pptpd
#bcrelay eth1
connections 100
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Freeradius-Users mailing list