On Thu, Feb 21, 2002 at 01:39:41PM -0500, Alan DeKok wrote: > Steve Langasek <[EMAIL PROTECTED]> wrote: > > Is this a good time to inquire whether Freeradius CVS fixes the bug > > where the server doesn't set the source address in its response packets, > > causing problems if radiusd is running on a server with multiple IP > > addresses? :)
> The server doesn't set the source IP address. > Hmm... if 'bind_address' is set, then the proxy fd *should* be bound > to that IP address, too. That currently isn't done. Luckily, it's a > ~5 line patch. Our problem is orthogonal to the proxy code. We have freeradius running on a machine that currently straddles two subnets as part of our migration plan. NASen are configured to point to the server's IP address on one subnet or the other. Freeradius receives a request from a NAS sent to IP address a.b.c.d; it handles the request, and sends back a reply without explicitly choosing a source IP address for the socket -- it may be the right IP address, it may be (depending on what the kernel decides) a wrong one. bind_address seems to call for a single IP address as an argument. We do need to run radiusd on two IP addresses. I could always run two instances of radiusd (one with a bind_address for each interface), but it'd be nice if freeradius had some way of handling this scenario automatically. Just a wishlist request, really, and a tongue-in-cheek response to your post -- maybe the bass-ackwards radius server the original poster is connecting to is a multihomed freeradius server? ;) Steve Langasek postmodern programmer
msg03530/pgp00000.pgp
Description: PGP signature
