FreeRadius install howto (5) – Mikrotik settings


I’m receiving so many questions about FreeRadius and I’m sorry to tell this but I can’t and I won’t give you tech support 4 free. I can and I will answer on one or two questions but do not bother me every single day via email and IM clients when I already wrote on this blog all you need to know.

I understand that RADIUS protocol is marginalized but there are more than enough articles which just laying around and waiting for you. All you need is Google and the right search term.

Before you continue to this read this article, please:
turn on your brain
find out what exactly do you want from your RADIUS server
read the four articles I posted on this blog
be sure that you Mikrotik can reach the Internet (has properly configured IP addresses, DNS, default route, etc)

In this post, I will explain how to set up a Mikrotik router to act as a NAS (but only the part related to RADIUS).

The first step you need to do is to be sure that Mikrotik and RADIUS server “can talk” which means you can ping RADIUS server from Mikrotik and vice verse. Of course, the connection must be reliable and without packet loss.

In the last example, our RADIUS server had an IP address and if you remember we added IP inside the nas table with mysecret as a RADIUS secret. This means that only NAS from IP address would be able to talk with RADIUS server but only if the secret is correct.

So, lets define the RADIUS server inside Mikrotik.

Connect to Mikrotik via Winbox utility. Click on RADIUS and click on the + to add a new RADIUS server.


Enter RADIUS server IP address (in this case, enter secret and select ppp.

The next step is to enable Incoming requests so you will be able to disconnect users via PoD (Packet of Disconnect). Click on the Incoming button (RADIUS -> Incoming) and enable Accept checkbox.

Add new PPPoE server (PPP – PPPoE Servers and click Add).

The most important thing here is to choose the right interface. I your LAN interface is connected to the network where are the users, select LAN. My recommendation is to leave only pap and chap inside Auth. section.

The next step is to define a IP pool which will be used for address allocation.

Be sure that pool name is the same like you defined in the database because radius server will return the pool name to Mikrotik and if the pool with that name doesn’t exists, the users won’t get an IP address.

The next step is to properly configure the default profile for PPPoE users.

Enter local IP address (your public IP address), select remote address pool (the IP pool which we defined above) and add DNS servers which will be returned to the users.You can use the same Mikrotik as a DNS server but you need to turn on Allow remote requests inside DNS settings.

The last step is to turn on RADIUS for accounting inside PPP – Secret menu. Interim update is the time and I do not recommend the values less than 5 minutes.





5 thoughts on “FreeRadius install howto (5) – Mikrotik settings

  1. Hi, first i would like to appreciate you for your knowledge and research about freeRadius. your blog is really helpful. can you please help me out in configuring freeRadius proxy server. i.e, how to make radius server act as a proxy server.

  2. Hi a quick question,i know that I can have 2 hotspot with 2 adsl to each spot so totally 4 with load balancing and a radius server for authentication lets say in my house where I alsow have Internet. The question is can the hotspots get connected locally let’s say with 2 directionally antenna so the clients from 1st hotspot can use the bandwidth from the 2nd hotspot when the first is full?

  3. How do you define “full hot spot” ?

    Used bandwidth or something else?. In case you want to jump over to the next link when the first one is 100% used it is hard to jump to another one. FreeRADIUS can’t know this.

    @Harish Dev
    Check proxy.conf file.

  4. Hi Admin.
    i’ve IP-Pool(s) in my mikrotik router and i need to use exists pool(s) because balanced them on the routerboard.
    So .. is there any way to send pool name only to mikrotik ?
    Business = Biz
    Economy = eco

  5. I would recommend setting the timeout to something over 1000ms. As by default FR will wait 1000ms before sending a reject, so by the time it comes you have already sent three requests.

    This makes it difficult to debug when “Radius timeouts” start happening.

Leave a Reply

Your email address will not be published. Required fields are marked *