Framed-Route not appearing on the client

Alan DeKok aland at
Fri Jun 3 12:46:37 UTC 2022

On Jun 3, 2022, at 8:34 AM, Alexis Lacoste <alexislacoste2 at> wrote:
> After I resolved the issue with the IP address not being present on the
> client with Framed-IP-Address, I needed for the client to get a gateway to
> the corresponding subnet.
> Without that gateway, the client doesn't know where to go when it arrives
> on the public interface.
> I've looked at and
> took the example below without adding metric options.

  Does the client support this attribute?

  i.e. the standards are nice, but many clients don't follow the standards.  If you want to know what the client does, read the client documentation.  The RFCs are really for people writing RADIUS servers and clients, they're not really intended for system administrators to read.

> test1.vpn       Service-Type == Framed-User
>                Framed-IP-Address +=,
>                Framed-Route += "",
>                Framed-IP-Netmask +=,
>                Fall-Through = Yes
> I've also tried "", "
> 1 2 -1 3 400" but when doing ipconfig, there is no change nor route added
> with route print.

   See the client documentation for what it needs in the Framed-Route attribute.

> At the twelve packet we can clearly see the framed IP route and even
> before. It is seen in the Access-Accept packet but not in the
> Accouting-Request.

  It's not supposed to be in the Accounting-Request.

> My guess is that i am missing an option in the sites-enabled/default.

  You don't configure "options" in the virtual server.  You configure it to send specific attributes in the reply, with certain values.

  If the client doesn't do what you expect with that information, then go read the client documentation.  You cannot debug the client by poking FreeRADIUS.

  Alan DeKok.

More information about the Freeradius-Users mailing list