I’ve read accel-ppp recently got VRF support (a new RADIUS attribute to put an authenticated user’s session in a specific VRF). I’m not that advanced yet, I’d like to do a simple thing first - while the router generally works on all public IP addresses (OSPF and BGP in a small local ISP network), I’d like to use VRF for out of band management. This is easy - eth0 with DHCP client is the management interface, and now I can ssh into the router from inside without exposing the ssh port to the outside world. Now, could accel-ppp also use this VRF when talking to the RADIUS server? This way the RADIUS server with the user database could be on the private network as well.
Following up myself after 2+ years - many thanks for not locking this thread. There is bind-device= in [radius] server/dae-server in accel-ppp.conf where the interface in the management VRF could be specified - I’ve found it by looking at the accel-ppp source and it’s also in the accel-ppp.conf.5 man page, but not in the online docs and probably not exposed in vyos configuration from which accel-ppp.conf is generated (unless it was added recently - I’m still running equuleus).