Gin
November 13, 2025, 11:37pm
1
I have configured Vyos as a PPPoE server on my network.
I have a remote radius server for authentication and IP assignment.
Vyos has two interfaces:
eth0 with 172.165.156.175.
The PPPoE server is listening on the Eth2 interface (without IP).
My radius server has IP 172.165.156.28.
Authentication worked correctly until I created a vrf name “mgmt” and put eth0 in the vrf “mgmt”
I also have: I created a static route:
set static route 172.165.156.28/32 interface eth0 vrf mgmt
In the pppoe.conf file:
in the [radius] section, I added: bind-device=mgmt and restarted the service accel-ppp@pppoe.service
If I ping 172.165.156.28, it works, but in the accel-ppp logs, I still see that the radius server cannot be reached:
radius:bind: Cannot assign requested address
radius: no available servers
What did I do wrong or forget to do?
Without vrf, everything works fine. That’s why I don’t think it can be due to the firewall.
Thank you.
Gin:
in the [radius] section, I added: bind-device=mgmt and restarted the service accel-ppp@pppoe.service
If I ping 172.165.156.28, it works, but in the accel-ppp logs, I still see that the radius server cannot be reached
This is a wrong way as config will be rewritten per next change/commit/reboot.
Ping is not enough, I think the accel-ppp itself has to be started in the context VRF. I could be wrong.
Check the RADIUS log
Gin
November 14, 2025, 7:50am
3
Hello, should I override the configuration so that it takes the modified file when it restarts?
Could this be the solution:
1- Create an override for the service
sudo systemctl edit accel-ppp@pppoe.service
2-Insert this content:
[Service]
3-Reload systemd and restart the service:
sudo systemctl daemon-reexec
However, my goal is for only radius auth and acc traffic to pass through vrfr mgmt; the rest must remain on the main. If the service runs in the vrf context, it is not acceptable. How can this be achieved?