Neville nev at
Sun May 24 02:00:21 CEST 2009

>> I've searched the INTERNET for 5 days now and late into the evening, but I'm
>> totally stumped in resolving my problem, so I would appreciate any
>> guidance from the experts.  I've configured as per the many guides I've
>> found and have a basic understanding of how this all works, but there is
>> no information anywhere on how to set up the Users / Client details for
>> freeRADIUS.
> Did you try reading comments in users file and clients.conf i.e. files you
> were about to change?

First THANKS for replying...

I did, but still cannot work out what I'm doing wrong on this as there are so 
many guides and different ways of doing things, or that's how it seems.

Everything authenticates ok and the correct IP is allocated now, but I'm not 
able to BROWSE any sites and cannot even ping the IP address given to the 
PPP adapter.  I can only access the VPN, but none of the traffic seems to 
be routing correctly.  Can you offer any further support, please.

Windows IP Configuration

PPP adapter testvpn

   Connection-specific DNS Suffix  . :
   IPv4 Address. . . . . . . . . . . :
   Subnet Mask . . . . . . . . . . . :
   Default Gateway . . . . . . . . . :


Pinging with 32 bytes of data:
General failure.
General failure.
General failure.
General failure.

Ping statistics for
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

ppp0      Link encap:Point-to-Point Protocol
          inet addr:  P-t-P:  Mask:
          RX packets:3890 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1731 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:442107 (431.7 KiB)  TX bytes:108501 (105.9 KiB)

target     prot opt source               destination
MASQUERADE  all  --          anywhere

[root log]# cat /etc/sysctl.conf
# Kernel sysctl configuration file for Red Hat Linux
# For binary values, 0 is disabled, 1 is enabled.  See sysctl(8) and
# sysctl.conf(5) for more details.

# Controls IP packet forwarding
net.ipv4.ip_forward = 1

[root log]# cat /proc/sys/net/ipv4/ip_forward


+- entering group post-auth {...}
[test_pool]     expand: %{NAS-IP-Address} %{NAS-Port} -> 0
[test_pool] MD5 on 'key' directive maps to: ee0282d57992a30bce29ea43d092ac16
[test_pool] Searching for an entry for key: 
rlm_ippool: Allocating ip to key: 'ee0282d57992a30bce29ea43d092ac16'
[test_pool] num: 1
[test_pool] Allocated ip to client key: 
++[test_pool] returns ok
++[exec] returns noop
Sending Access-Accept of id 95 to port 51514
        Service-Type = Framed-User
        Session-Timeout = 65000
        Framed-Protocol = PPP
        Framed-MTU = 1400
        MS-CHAP2-Success = 
        MS-MPPE-Recv-Key = 0x39c2ccda839a57b64583b1f3a55ed07e
        MS-MPPE-Send-Key = 0xeaa3b2169241344554880f6e3a6f956b
        MS-MPPE-Encryption-Policy = 0x00000001
        MS-MPPE-Encryption-Types = 0x00000006
        Framed-IP-Address =
        Framed-IP-Netmask =
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Accounting-Request packet from host port 40285, id=96, 
        Acct-Session-Id = "4A1897253C3400"
        User-Name = "test1"
        Acct-Status-Type = Start
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Acct-Authentic = RADIUS
        NAS-Port-Type = Async
        Framed-IP-Address =
        NAS-IP-Address =
        NAS-Port = 0
        Acct-Delay-Time = 0
+- entering group preacct {...}
++[preprocess] returns ok
[acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address =,NAS-IP-Address =,Acct-Session-Id = 
"4A1897253C3400",User-Name = "test1"'
[acct_unique] Acct-Unique-Session-ID = "2855668f1c6c9940".
++[acct_unique] returns ok
[suffix] No '@' in User-Name = "test1", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[files] returns noop
+- entering group accounting {...}
[detail]        expand: 
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d -> 
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands 
to /usr/local/var/log/radius/radacct/
[detail]        expand: %t -> Sun May 24 00:39:01 2009
++[detail] returns ok
++[unix] returns ok
[radutmp]       expand: /usr/local/var/log/radius/radutmp -> 
[radutmp]       expand: %{User-Name} -> test1
++[radutmp] returns ok
[test_pool] This is not an Accounting-Stop. Return NOOP.
++[test_pool] returns noop
[attr_filter.accounting_response]       expand: %{User-Name} -> test1
 attr_filter: Matched entry DEFAULT at line 12
++[attr_filter.accounting_response] returns updated
Sending Accounting-Response of id 96 to port 40285
Finished request 1.
Cleaning up request 1 ID 96 with timestamp +56
Going to the next request
Waking up in 3.0 seconds.
Cleaning up request 0 ID 95 with timestamp +54
Ready to process requests.

>> The problem, I'm facing is the allocation of IP address / GW / DNS by
>> freeRADIUS for the VPN connections coming onto my server.
>> my service PrivateIP address is
>> I've iptables setup to forward all NAT traffic through the PRIVATEIP, but
>> allocation of a GW of and a Client IP of
>> However, when I connect and freeRADIUS authenticates me SUCCESSFULLY. I
>> get given an IP of from the test_pool, but pool range-start =
>> range-stop = which is totally different to the
>> address allocated by the pool. ANY IDEAS?
> Was test_pool once upon a time in 192.168.2.x range? When you change the
> IP range you need to delete db files. This is clearly stated in the ippool
> module i.e. the file you have changed.

I did not delete this, as this was the first time test_pool was used, 
however this proved to be the issue and I thank you for that. So it must 
have come in as part of the RPM.
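
Added example, not part of the original post and not FreeRADIUS code: a check for the symptom resolved above, where stale ippool db files hand out an address outside the configured range-start / range-stop. It reads debug output in the format quoted in this message and lists every Access-Accept whose Framed-IP-Address is outside the pool; the function names, the sample log and all addresses in it are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in the debug format quoted in the post; addresses are made up.
SAMPLE_DEBUG = """\
Sending Access-Accept of id 95 to 10.0.0.1 port 51514
        Service-Type = Framed-User
        Framed-IP-Address = 192.168.2.7
        Framed-IP-Netmask = 255.255.255.0
Finished request 0.
rad_recv: Accounting-Request packet from host 10.0.0.1 port 40285, id=96,
        Framed-IP-Address = 192.168.2.7
Sending Access-Accept of id 97 to 10.0.0.1 port 51514
        Framed-IP-Address = 10.8.0.12
Finished request 2.
"""

def allocated_addresses(debug_text):
    """Yield (packet id, Framed-IP-Address) for each Access-Accept in the output."""
    current_id = None
    for line in debug_text.splitlines():
        m = re.match(r"Sending (\S+) of id (\d+)", line)
        if m:
            # Only track attribute lists that belong to an Access-Accept.
            current_id = int(m.group(2)) if m.group(1) == "Access-Accept" else None
            continue
        if not line.startswith((" ", "\t")):
            current_id = None  # an unindented line ends the attribute list
            continue
        m = re.match(r"\s+Framed-IP-Address = (\S+)", line)
        if m and current_id is not None:
            yield current_id, ipaddress.IPv4Address(m.group(1))

def out_of_pool(debug_text, range_start, range_stop):
    """Return [(packet id, address)] for allocations outside the configured range."""
    lo = ipaddress.IPv4Address(range_start)
    hi = ipaddress.IPv4Address(range_stop)
    return [(rid, str(ip)) for rid, ip in allocated_addresses(debug_text)
            if not lo <= ip <= hi]

if __name__ == "__main__":
    # Assumed pool range for the demonstration; use the values from your ippool config.
    for rid, ip in out_of_pool(SAMPLE_DEBUG, "10.8.0.10", "10.8.0.50"):
        print(f"Access-Accept id {rid}: {ip} is outside the pool range; "
              "check for ippool db files left from an earlier range")
```

Any hit means the pool is serving addresses it was not configured for, which in this thread was fixed by deleting the old ippool db files.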
