ad space

Migrating from MikroTik User Manager to a Scalable FreeRADIUS Server: A Step-by-Step Guide

As a growing Wireless Internet Service Provider (WISP), having a reliable and scalable RADIUS server is critical for managing user authentication, authorization, and accounting (AAA). Many small WISP operators initially use MikroTik's built-in User Manager package for simplicity. However, as the user base grows, scalability and advanced features become essential, prompting a migration to a dedicated RADIUS server like FreeRADIUS.

In this blog, we’ll explore how to migrate from MikroTik User Manager to a FreeRADIUS server hosted on either a standalone PC or inside a virtualized environment like Proxmox VE.


Why Migrate from MikroTik User Manager to FreeRADIUS?

MikroTik User Manager is an excellent choice for small WISPs, as it is tightly integrated with RouterOS, offering basic AAA functionality. However, it has limitations:

  • Limited Scalability: Struggles to handle large numbers of users and requests.
  • Performance Impact: Runs on the same hardware as your router, potentially affecting network performance under heavy load.
  • Feature Constraints: Lacks advanced RADIUS features such as custom authentication modules and detailed reporting.

FreeRADIUS, on the other hand, is a robust, feature-rich, and scalable solution capable of handling large-scale deployments and supporting advanced configurations.


Steps to Migrate from MikroTik User Manager to FreeRADIUS

1. Export Data from MikroTik User Manager

To migrate users and policies:

1. Export user credentials, profiles, and accounting data:

/tool user-manager customer print file=user_data
/tool user-manager user print file=radius_users

2. These exported files, usually in .txt or .csv format, will be used for importing into FreeRADIUS.

2. Set Up FreeRADIUS on a Dedicated Server or VM

Choosing the Hosting Environment:

  • Standalone PC: Install Linux and run FreeRADIUS directly.
  • Proxmox VE (Preferred): Install Proxmox VE on a capable server or PC, allowing you to host FreeRADIUS in a virtual machine for flexibility and scalability.

Installation Steps:

1. Install a lightweight Linux distribution (e.g., Ubuntu Server) on the VM or PC.

2. Install FreeRADIUS:
 
sudo apt update sudo apt install freeradius freeradius-utils

3. Set up a database (e.g., MySQL/MariaDB) for user management:
 
sudo apt install mariadb-server
sudo mysql_secure_installation


4. Create a database for FreeRADIUS: 

CREATE DATABASE radius;
GRANT ALL ON radius.* TO 'radius'@'localhost' IDENTIFIED BY 'password';
FLUSH PRIVILEGES;

3. Import User Data into FreeRADIUS

Convert your MikroTik exported .csv or .txt files into a SQL format compatible with FreeRADIUS. Insert user data into the relevant database tables (radcheck, radgroupcheck, radreply, etc.).

4. Configure FreeRADIUS for MikroTik Integration

1. Authorize MikroTik as a Network Access Server (NAS):

  • Add your MikroTik router in /etc/freeradius/3.0/clients.conf:
    client mikrotik {
    ipaddr = <Router-IP>
    secret = <shared-secret>
    shortname = CCR2004
    }

2. Ensure the supported authentication protocols (e.g., PAP, CHAP) align with your MikroTik configuration.

5. Test the FreeRADIUS Server

Use the radtest utility to verify functionality:

 radtest <username> <password> localhost 0 <shared-secret>

 Configure your MikroTik router to use FreeRADIUS for AAA:

/radius add address=<FreeRADIUS-IP> secret=<shared-secret> service=ppp,hotspot
 

6. Gradually Transition Users

  1. Run both systems (MikroTik User Manager and FreeRADIUS) in parallel during the migration period.
  2. Divide users into groups and switch each group to FreeRADIUS, monitoring the performance and resolving any issues.
  3. Update router configurations to prioritize FreeRADIUS: /radius set [find address=<FreeRADIUS-IP>] backup=yes
     

7. Monitor and Optimize

  • Use FreeRADIUS logs to ensure stability and performance.
  • Scale VM resources (CPU, RAM) in Proxmox VE as your user base grows.

Benefits of FreeRADIUS on Proxmox VE

  • Scalability: Can handle thousands of users with proper hardware.
  • Feature-Rich: Supports advanced protocols, custom modules, and detailed reporting.
  • Virtualization: Proxmox VE allows for resource scaling and VM migrations without downtime.

When to Stick with MikroTik User Manager

For small WISP setups with fewer than 200 users, MikroTik User Manager may suffice, offering simplicity and minimal maintenance. However, for long-term growth and reliability, migrating to FreeRADIUS is recommended.


Final Thoughts

Migrating from MikroTik User Manager to FreeRADIUS may seem daunting, but with careful planning and a gradual transition, you can future-proof your WISP operations. Using Proxmox VE adds another layer of flexibility, making your infrastructure scalable and reliable.

Whether you’re just starting or expanding your WISP business, the choice between MikroTik User Manager and FreeRADIUS depends on your current needs and future goals. For a growing user base, FreeRADIUS is the clear winner in terms of scalability and features.

If you need help setting up FreeRADIUS or migrating from MikroTik User Manager, feel free to reach out or leave a comment below!

 

Post a Comment

Previous Post Next Post