Hi all,
I am trying to set up Mikrotik as a PPTP VPN concentrator.
I configured Microsoft NPS as a RADIUS server.
I have around 400 clients that need access to "standard" services on the corporate network.
For them I created a new AD group called "Standard_VPN_access", and the RADIUS server is sending Framed-Pool and Filter-Id attributes to Mikrotik.
On Mikrotik I created a new pool of IP addresses for this type of client and a separate filter chain.
This is working perfectly.
The "problem" is with the remaining 50-100 users. For those users I need a separate filter for each user.
I need this because I need separate "production access" rules for DB guys, developers and management, and I need to log everything.
There is a RADIUS attribute called Framed-IP-Address, and this works if I configure the RADIUS server to set a static IP address. Unfortunately this needs to be done on Microsoft NPS at the Active Directory group level.
So I need to create a separate group for every user, and then configure a separate policy on the NPS server with a fixed IP for that group (the group contains only one user).
In this way Mikrotik will assign the same IP to the same PPTP user.
This is messy, with 50 to 100 unnecessary AD groups and NPS rules; I don't want to do it in this stinky way.
I tested many options on the RADIUS side and on the Mikrotik side, and unfortunately this is the only solution that I can figure out at this moment.
Does anyone have a similar setup?
How about a new Mikrotik feature, allowing one to manually add a new PPP Secret for a user that exists on RADIUS, without a password, and set the Remote Address field?
This is already possible, but Mikrotik will not ask the RADIUS server for that user, as this user is a local user. Some exception for a user configured without a password?
Any suggestion is welcome.
Thanks.