PPPoE server- Set VRF traffic radius

I have configured Vyos as a PPPoE server on my network.

I have a remote radius server for authentication and IP assignment.

Vyos has two interfaces:

eth0 with 172.165.156.175.

The PPPoE server is listening on the Eth2 interface (without IP).

My radius server has IP 172.165.156.28.

Authentication worked correctly until I created a vrf name “mgmt” and put eth0 in the vrf “mgmt”

I also have: I created a static route:

set static route 172.165.156.28/32 interface eth0 vrf mgmt

In the pppoe.conf file:

in the [radius] section, I added: bind-device=mgmt and restarted the service accel-ppp@pppoe.service

If I ping 172.165.156.28, it works, but in the accel-ppp logs, I still see that the radius server cannot be reached:

radius:bind: Cannot assign requested address

radius: no available servers

What did I do wrong or forget to do?

Without vrf, everything works fine. That’s why I don’t think it can be due to the firewall.

Thank you.

This is a wrong way as config will be rewritten per next change/commit/reboot.

Ping is not enough, I think the accel-ppp itself has to be started in the context VRF. I could be wrong.

Check the RADIUS log

Hello, should I override the configuration so that it takes the modified file when it restarts?

Could this be the solution:

1- Create an override for the service

sudo systemctl edit accel-ppp@pppoe.service

2-Insert this content:

[Service]
ExecStart=
ExecStart=/usr/bin/ip vrf exec mgmt /usr/sbin/accel-pppd -d -p /run/accel-pppd/pppoe.pid -c /run/accel-pppd/pppoe.conf

3-Reload systemd and restart the service:

sudo systemctl daemon-reexec
sudo systemctl restart accel-ppp@pppoe.service

However, my goal is for only radius auth and acc traffic to pass through vrfr mgmt; the rest must remain on the main. If the service runs in the vrf context, it is not acceptable. How can this be achieved?

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.