~!~ Article by Syed Jahanzaib ~!~
This guide will illustrate howto create PPPoE server in MIKROTIK RouterOS (I used v 5.6 in this example). This article will also demonstrate on how you can create your automated pre-paid billing solution for users using Mikrotik’s User Manager. This basic RADIUS Server a.k.a USERMAN can be used for any ppp service like VPN/PPPoE/HOTSPOT.
I must state that the USERMAN solution is not a reliable one, You cant rely on it on a large/production server. But after all its free package come along with the mikrotik, so dont expect much from it, IMO its suitable for SOHO. If you want real features related to ISP , Better to USe 3rd Party Radius server like DMASOFTLAB which is feature rich radius built to perform
It will also show you how to create a 30 days limit account with 256Kbps speed limit.
We will divide this article in two section.
1) PPPoE Server (Basic Settings)
2) User Manager Billing Setup
In this example Mikrotik have two lan cards.
1) ether1 = ip 10.0.0.1 / LAN Interface hosting PPPoE Server
2) ether2 = ip 192.168.0.1 / WAN interface connected with DSL / Fiber etc.
(Configure interfaces accordingly to your environment, in the images ip series is 192.168.2.1 , don’t get confuse with it. you can adjust it accordingly)
PPPoE SERVER SETUP
First we will add PPPoE Server using CLI (command interface)
/interface pppoe-server server add authentication=pap default-profile=default disabled=no interface=ether1 keepalive-timeout=10 max-mru=1480 max-mtu=1480 max-sessions=1 mrru=disabled one-session-per-host=yes service-name=aacable
Now we will add IP Pool for pppoe-users (ips that user will get after successful dialing)
/ip pool add name=pppoe-users-pool ranges=172.16.0.1-172.16.0.254
Now we will add new profile for pppoe users.
/ppp profile add change-tcp-mss=default dns-server=10.0.0.1 local-address=10.0.0.1 name=pppoe-profile only-one=default remote-address=pppoe-users-pool use-compression=default use-encryption=default use-vj-compression=default
Following is the screenshot for above created rule.
/ip firewall nat add action=masquerade chain=srcnat disabled=no src-address=172.16.0.1-172.16.0.255
(In above masquerading rule, I have added src-address to 172.16.0.x ip pool, so that ONLY pppoe connected users internet will work)
Add DNS server so users can resolve internet hostnames.
/ip dns set allow-remote-requests=yes cache-max-ttl=1w cache-size=5000KiB max-udp-packet-size=512 servers=18.104.22.168
Now finally we will add local user to test the pppoe server status.
/ppp secret add caller-id="" disabled=no limit-bytes-in=0 limit-bytes-out=0 name=zaib password=1234 profile=pppoe-profile routes="" service=pppoe
Now at user end, create a pppoe dialer and connect with the id = zaib and password = 1234
(Howto create pppoe dialer
If all goes fine, you will start surfing the internet smoothly
Now we will move to mikrotik billing system using its built-in radius called USER MANAGER.
MIKROTIK USER MANAGER WITH BILLING SETUP
We can setup a RADIUS server in mikrotik using its built-in radius server called User Manager. UM is a nice web-based billing manager package to compliment hotspot / pppoe / vpn authentication solution in RouterOS. It is RADIUS based component so it can provide centralised management to single or multiple RouterOS based NASes.
Now we will first configure user manager and then later we will integrate it with our pppoe server so all authentication will be done via UM.
Open your web browser and point it to http://10.0.0.1/userman
You will see user manager authentication screen, Now enter admin id and password and you will be forwarded to main UM screen like this.
Note: If default admin password doesn’t work out, change the password by following command
/tool user-manager customer set admin password=PASSWORD **OR** /tool user-manager customer print
Now click on Profiles, on your right window, click on + sign (beside profile)
For test purposes, we will add one profile with 256Kbps speed limit, and 30 days UP Time limit. You can add many packages as per your requirements later, once you understand how thins works here)
Now we want to add 256Kb / 30days Limit Package, Name it 256k.
* in ‘Name for users‘ type ‘256k’
* in ‘Validity‘, type ’4w2d’ (for 1 month validity)
* in ‘Starts‘ , select ‘At First Logon‘ (User time will start when users first login)
* in ‘Price’ enter the amount at which you sell this package to users. e.g 400
* in ‘Shared Users’ select ’1′ (so single ID cannot be used from multiple computers simultaneously)
Now Save Profile. (See attached Screenshot)
Now We want to add Bandwidth Limitation to this profile, goto ‘Limitations’ and click on ADD ,
A new window will appear
* in ‘Name’ type ’256k’
* in ‘Rate Limit’ in RX ’128k’ in TX ’256k’ ,
Now click on SAVE. (See attached Screenshot)
Now go back to Profiles Section. Here you will see your created 256k
Profile, clien on ‘Add New Limitation’ and and click on ’256k Limit’ and
click ‘ADD’ button. (See attached Screenshot)
Done, your first package with 256k Limit and 30 Days uptime limit is created. Now we will Add new user and tag them with this new 256k profile.
Goto Users, and click on ADD / One (to add single user).
* in ‘Username’ type ‘zaib’
* in ‘Password’ type ’1234′
* in ‘Constraints’ check on ‘Called ID’ Bindon first use. This options is good if you want to bind user id with first detected MAC address, if you don’t want to bind , leave this option as it is.
* in ‘Assign profile’ select ’256k’ profile and click on ADD button to finish.
(See attached Screenshot)
Now that we have finished our basic work with UM, its time to integrate it with Mikrotik, so that all Mikrotik PPPoE authentication will be done via UM.
We have to modify some settings, both on UM and Mikrotik as well.
In UM we have to add Mikrotik Router.
* In UM, Goto Routers , ADD, NEW, name it Mikrotik,
* in ‘IP Address’ tpye you server IP address, 10.0.0.1
* in ‘Shared Secret’ type ’1234′
Now click ADD to finish. (See attached Screenshot) (in the image ip address is showing 192.168.2.1, dont get confused, use your own ip address class here)
UM section is complete , now moving on to MIKROTIK to complete the RADIUS setup.
ADDING RADIUS SUPPORT IN MIKROTIK
Open Mikrotik Terminal, and type
/ppp aaa set accounting=yes interim-update=0s use-radius=yes /radius add accounting-backup=no accounting-port=1813 address=10.0.0.1 authentication-port=1812 called-id="" disabled=no domain="" realm="" secret=1234 service=ppp,hotspot timeout=300ms /radius incoming set accept=yes port=3799
Make sure you change the ip address as per your local configuration.
! COMPLETED !
Now from client end, connect with Users id ‘zaib’ and password ’1234′ that you created via UM. It should connect fine. After first connect, this ID will expires in 30 days and bandwidth limit will be 256kb download and 128kb upload.
To view status/change password etc, from client side, point the browser to
[depend on ip series.
If you need any assistance, Do let me know.