mspinale
just joined
Topic Author
Posts: 8
Joined: Mon Nov 24, 2008 6:46 pm

RADIUS Client Timeouts on 3.22 400 & 500 series via PPPoE

Tue Apr 07, 2009 7:22 pm

Is anyone seeing any unexplained timeout problems with RADIUS authentication on 3.22 OS?

Summary of the error from the debug log:
pppoe,ppp,info <pppoe-0>: terminating... - user [XXXX] authentication failed - radius timeout

The Test Environment:
We have a clean install of FreeRadius server (10.1.2.25/24) connected in a lab directly to a new MikroTik on the same subnet (10.1.2.1/24) as one of our MT numbered interfaces. (No filters or firewalls). Ping works both ways and traffic flows otherwise fine. No Firewall/NAT/etc items are set. The NTRadPing tool is able to communicate THROUGH the router reliably and receive responses via standard port 1812. We have simple static routes in place for the test and everything otherwise seems to work perfectly. AAA settings specify to use RADIUS. We have all default settings for the one RADIUS server. PPP is checked, IP provided and secret entered. All else are defaults.

The same RADIUS and PING test was attempted with three different MikroTiks all running 3.22. Results more or less the same. At one point, a ping was sent from the RADIUS box which seemed to "fix" RADIUS temporarily, allowing the PPPoE test to succeed. This was repeatable twice only, so perhaps a coincidence. The routes were observed before and after the second successful test case for kicks. No change there and no explanation as to why it worked a few times.

It also looks like the RADIUS STATUS screen in Winbox stops updating at some point. Log entries are generated like in the example below but with no change in UI status.

Some of what's been tried:
-Saw issue with IP Pools/Radius Crash fixed in 3.4. Changed PPPoE to use static IP for simple auth test.
-Placed hub between RADIUS box and MT. Observed traffic with Wireshark. No UDP or TCP seen to/from RADIUS.
-Used packet sniffer on MT. No attempts to communicate with RADIUS on 10.1.2.25 seen.
-Enabled DEBUG for PPPoE and Radius. Logs suggest some traffic should be seen via Wireshark or built-in sniffer.
-Three 3.22 routers all tested. Same result
-Timeout raised to 4000ms. No change
-Turned accounting on and off
-Recycled routers
-Tried changing Called-ID and other attributes in RADIUS with no change
-Opened up clients.conf in RADIUS to allow entire 10.0.0.0/8 network for test. Recycled in -X mode
-Put Radius in -X debug mode. No requests make it there even though pingable and on same network
-Tried turning accounting on and off on MT. No change
-Tried enabling/disabling Incoming feature. No change

Am I missing some crucial step? Could there be an issue with the OS? I cannot understand why I can't see any attempts to communicate with RADIUS on 10.1.2.25:1812 using either sniffer and hub (not a switch).

Any advice MUCH appreciated!


LOG DETAILS [in this case, from upstream router in LAB]
03:43:33 pppoe,info PPPoE connection established from 00:21:91:DD:39:16
03:43:33 pppoe,ppp,info <pppoe-0>: waiting for call...
03:43:33 radius,debug new request 1b:ac code=Access-Request service=ppp called-id=Internet
03:43:33 radius,debug sending 1b:ac to 10.1.2.25:1812
03:43:33 radius,debug,packet sending Access-Request with id 20 to 10.1.2.25:1812
03:43:33 radius,debug,packet Signature = 0xae57566a14d9168b5c21eb4bc72d8d9c
03:43:33 radius,debug,packet Service-Type = 2
03:43:33 radius,debug,packet Framed-Protocol = 1
03:43:33 radius,debug,packet NAS-Port = 165
03:43:33 radius,debug,packet NAS-Port-Type = 15
03:43:33 radius,debug,packet User-Name = "installer"
03:43:33 radius,debug,packet Calling-Station-Id = "00:21:91:DD:39:16"
03:43:33 radius,debug,packet Called-Station-Id = "Internet"
03:43:33 radius,debug,packet NAS-Port-Id = "PPPoE"
03:43:33 radius,debug,packet CHAP-Challenge = 0xc6495836812f302f81c6ecaa12e84a7e
03:43:33 radius,debug,packet CHAP-Password = 0x01867f7e4d63503289aa55e9ecc69928
03:43:33 radius,debug,packet e4
03:43:33 radius,debug,packet NAS-Identifier = "SiteX"
03:43:33 radius,debug,packet NAS-IP-Address = 10.1.2.1
03:43:34 radius,debug resending 1b:ac
03:43:34 radius,debug,packet sending Access-Request with id 20 to 10.1.2.25:1812
03:43:34 radius,debug,packet Signature = 0xae57566a14d9168b5c21eb4bc72d8d9c
03:43:34 radius,debug,packet Service-Type = 2
03:43:34 radius,debug,packet Framed-Protocol = 1
03:43:34 radius,debug,packet NAS-Port = 165
03:43:34 radius,debug,packet NAS-Port-Type = 15
03:43:34 radius,debug,packet User-Name = "installer"
03:43:34 radius,debug,packet Calling-Station-Id = "00:21:91:DD:39:16"
03:43:34 radius,debug,packet Called-Station-Id = "Internet"
03:43:34 radius,debug,packet NAS-Port-Id = "PPPoE"
03:43:34 radius,debug,packet CHAP-Challenge = 0xc6495836812f302f81c6ecaa12e84a7e
03:43:34 radius,debug,packet CHAP-Password = 0x01867f7e4d63503289aa55e9ecc69928
03:43:34 radius,debug,packet e4
03:43:34 radius,debug,packet NAS-Identifier = "SiteX"
03:43:34 radius,debug,packet NAS-IP-Address = 10.1.2.1
03:43:34 radius,debug resending 1b:ac
03:43:34 radius,debug,packet sending Access-Request with id 20 to 10.1.2.25:1812
03:43:34 radius,debug,packet Signature = 0xae57566a14d9168b5c21eb4bc72d8d9c
03:43:34 radius,debug,packet Service-Type = 2
03:43:34 radius,debug,packet Framed-Protocol = 1
03:43:34 radius,debug,packet NAS-Port = 165
03:43:34 radius,debug,packet NAS-Port-Type = 15
03:43:34 radius,debug,packet User-Name = "installer"
03:43:34 radius,debug,packet Calling-Station-Id = "00:21:91:DD:39:16"
03:43:34 radius,debug,packet Called-Station-Id = "Internet"
03:43:34 radius,debug,packet NAS-Port-Id = "PPPoE"
03:43:34 radius,debug,packet CHAP-Challenge = 0xc6495836812f302f81c6ecaa12e84a7e
03:43:34 radius,debug,packet CHAP-Password = 0x01867f7e4d63503289aa55e9ecc69928
03:43:34 radius,debug,packet e4
03:43:34 radius,debug,packet NAS-Identifier = "SiteX"
03:43:34 radius,debug,packet NAS-IP-Address = 10.1.2.1
03:43:35 radius,debug timeout for 1b:ac
03:43:35 pppoe,ppp,info <pppoe-0>: terminating... - user installer authentication failed - radius timeout
03:43:35 pppoe,ppp,info <pppoe-0>: disconnected
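
Added example, not part of the original post: a small Python parser for the `radius,debug` lines in the log above. It counts how many times each request was transmitted and how long RouterOS waited before declaring a timeout, which gives a figure to compare against a capture on the RADIUS side. It recognises only the four request-level events that appear in this log; `summarize` and `SAMPLE_LOG` are names chosen for the example.

```python
import re
from datetime import datetime

# Excerpt of the log posted above (packet attribute dumps omitted).
SAMPLE_LOG = """\
03:43:33 radius,debug new request 1b:ac code=Access-Request service=ppp called-id=Internet
03:43:33 radius,debug sending 1b:ac to 10.1.2.25:1812
03:43:33 radius,debug,packet sending Access-Request with id 20 to 10.1.2.25:1812
03:43:34 radius,debug resending 1b:ac
03:43:34 radius,debug resending 1b:ac
03:43:35 radius,debug timeout for 1b:ac
03:43:35 pppoe,ppp,info <pppoe-0>: terminating... - user installer authentication failed - radius timeout
"""

# Only the four request-level events seen in this log are recognised.
EVENT = re.compile(
    r"^(\d\d:\d\d:\d\d) radius,debug (new request|sending|resending|timeout for) (\S+)(.*)$"
)

def summarize(log_text):
    """Return {request handle: summary} for every RADIUS request in the log."""
    requests = {}
    for line in log_text.splitlines():
        m = EVENT.match(line.strip())
        if not m:
            continue  # pppoe lines and radius,debug,packet attribute dumps
        ts, event, handle, rest = m.groups()
        t = datetime.strptime(ts, "%H:%M:%S")
        r = requests.setdefault(handle, {
            "code": None, "server": None, "transmissions": 0,
            "first_seen": t, "timed_out": False, "seconds_to_timeout": None,
        })
        if event == "new request":
            code = re.search(r"code=(\S+)", rest)
            r["code"] = code.group(1) if code else None
        elif event == "sending":
            parts = rest.split()
            r["server"] = parts[-1] if parts else None
            r["transmissions"] += 1
        elif event == "resending":
            r["transmissions"] += 1
        else:  # "timeout for"
            r["timed_out"] = True
            # Timestamps carry no date, so wrap around midnight.
            r["seconds_to_timeout"] = int((t - r["first_seen"]).total_seconds()) % 86400
    return requests

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```
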

 
doush
Long time Member
Posts: 665
Joined: Thu Jun 04, 2009 3:11 pm

Re: RADIUS Client Timeouts on 3.22 400 & 500 series via PPPoE

Wed Apr 08, 2009 9:57 am

Maybe try allowing RADIUS port 1812 UDP in the Linux firewall.
 
mspinale
just joined
Topic Author
Posts: 8
Joined: Mon Nov 24, 2008 6:46 pm

Re: RADIUS Client Timeouts on 3.22 400 & 500 series via PPPoE

Wed Apr 08, 2009 5:10 pm

Just to rule that out, I'll run NMAP against it tonight. NTRadPing worked fine and also [oddly] the MT did authenticate on two occasions.

Thanks for the input!