On Mon 25 Sep 2006 19:05, Nicolas Baradakis wrote:
> Angel L. Mateo wrote:
> > On Mon, 25-09-2006 at 14:46 +0200, Nicolas Baradakis wrote:
> > > Angel L. Mateo wrote:
> > > > Freeradius is working fine with this configuration, except the
> > > > proxy module. The problem I have is that proxy requests are originated
> > > > with the IP address of the member, not the IP of the cluster. And I
> > > > haven't found any configuration option to configure this. Is there
> > > > any way to do it?
> > >
> > > Why is this a problem?
> >
> > This is a problem for the next reasons:
> >
> > * I have to configure my firewall to accept radius connections to
> > different addresses, not just the clustered IP.
>
> You could accept a small IP range like 192.168.1.0/30 on the firewall.
>
> > * The radius that receives the request has to define two different
> > clients (to accept my request) and also my clustered radius (to send
> > requests to me).
>
> I think a realm server would reply to the same IP which it received
> the packet from.
>
> > I know it can be solved with configuration but I think this is not an
> > elegant solution to the problem. If I have configured freeradius to
> > listen in just one interface of the server, why it has to use another
> > different interface?
>
> That has nothing to do with FreeRADIUS. The source address of an
> outgoing UDP packet is chosen by the kernel according to the local
> network configuration.

I had this problem previously with FreeRADIUS where radius had to reply from
the inside interface of a multihomed server else the packets would not match
the IPSec tunnel ACLs bound to the external interface (a common config). I
solved it by telling freeradius to only bind to one IP. Does this config no
longer work??

Cheers
-- 
Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
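
The point discussed in the thread (the kernel picks the source address of an outgoing UDP datagram unless the sending socket is bound to a specific local address) can be observed with the following added example, which is not part of the original thread and is not FreeRADIUS code. It assumes a Linux host, where every address in 127.0.0.0/8 is local; `MEMBER_IP`, `CLUSTER_IP` and `acl_permits` are hypothetical stand-ins for the node address, the shared cluster address and a firewall or RADIUS client list keyed on source IP.

```python
import socket

MEMBER_IP = "127.0.0.1"   # assumption: stands in for the node's own address
CLUSTER_IP = "127.0.0.2"  # assumption: stands in for the shared service address


def observed_source(bind_ip=None, peer_ip=MEMBER_IP):
    """Send one datagram to a local receiver; return the source IP it sees."""
    rx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    tx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        rx.bind((peer_ip, 0))          # receiver on an ephemeral port
        rx.settimeout(2.0)
        if bind_ip is not None:
            tx.bind((bind_ip, 0))      # pin the source address explicitly
        # Without the bind above, the kernel chooses the source address
        # from its routing table when the datagram is sent.
        tx.sendto(b"probe", rx.getsockname())
        _, (src_ip, _src_port) = rx.recvfrom(64)
        return src_ip
    finally:
        tx.close()
        rx.close()


def acl_permits(src_ip, allowed=(CLUSTER_IP,)):
    """Toy stand-in for a firewall or RADIUS client list keyed on source IP."""
    return src_ip in allowed


if __name__ == "__main__":
    for label, bind_ip in (("unbound", None), ("bound", CLUSTER_IP)):
        src = observed_source(bind_ip)
        print(f"{label:8s} source={src} permitted={acl_permits(src)}")
```

A listening socket bound to one address does not constrain a separate outgoing socket; only a bind on the sending socket itself (or kernel routing policy) fixes the source address that the peer's ACL will see.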