On Tue 26 Sep 2006 11:55, Nicolas Baradakis wrote:
> Peter Nixon wrote:
> > On Mon 25 Sep 2006 19:05, Nicolas Baradakis wrote:
> > > That has nothing to do with FreeRADIUS. The source address of an
> > > outgoing UDP packet is chosen by the kernel according to the local
> > > network configuration.
> >
> > I had this problem previously with FreeRADIUS where radius had to reply
> > from the inside interface of a multihomed server else the packets would
> > not match the IPSec tunnel ACLs bound to the external interface (A common
> > config) I solved it by telling freeradius to only bind to one IP. Does
> > this config no longer work??
>
> This example is different from the one we're discussing. FreeRADIUS
> replies indeed to the NAS from the same address as the request arrived
> at.
>
> However, a proxy request is different, because it's a new outgoing
> packet. In this case, we don't force the source IP in FreeRADIUS and
> we shouldn't do so because the NAS and the realm server are possibly
> on a different network. (it depends on the local network configuration)
>
> The network configuration of the host is outside the scope of
> FreeRADIUS. The correct way to solve the problem is to fix the
> network routes on the host, so the outgoing requests have the
> desired source IP.

Yes you are correct. Obviously I didn't read the thread in enough depth. It does bring up the issue that we maybe should have an optional proxy_source_ip config option.

Cheers

--
Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc
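
The behaviour discussed in this thread, as an added example that is not part of the original messages and is not FreeRADIUS code: an unbound UDP socket takes whatever source address the kernel's route lookup selects, while a socket bound before sending forces the source, which is what an option like the proposed proxy_source_ip would have to do. It assumes a Linux host, where every address in 127.0.0.0/8 is local; the function names and the 127.0.0.2 address are constructed for the demonstration.

```python
import socket


def kernel_choice(dest_ip, port=1812):
    """Return the source IP the kernel would pick for dest_ip.

    connect() on a UDP socket only performs the route lookup and pins the
    local address; no packet is sent.
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        s.connect((dest_ip, port))
        return s.getsockname()[0]
    finally:
        s.close()


def observed_source(dest_ip, bind_ip=None):
    """Send one datagram to a local receiver and return the source IP it sees.

    bind_ip=None models the proxy case from the thread: a new outgoing
    packet whose source is left to the kernel. A non-None bind_ip models a
    forced source address (hypothetical proxy_source_ip behaviour).
    """
    rx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    tx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        rx.bind((dest_ip, 0))          # ephemeral port standing in for the realm server
        rx.settimeout(2.0)
        port = rx.getsockname()[1]
        if bind_ip is not None:
            tx.bind((bind_ip, 0))      # force the source address before sending
        tx.sendto(b"constructed test datagram", (dest_ip, port))
        _, (src_ip, _) = rx.recvfrom(64)
        return src_ip
    finally:
        tx.close()
        rx.close()


if __name__ == "__main__":
    print("kernel would choose:", kernel_choice("127.0.0.1"))
    print("unbound sender seen as:", observed_source("127.0.0.1"))
    print("bound sender seen as:", observed_source("127.0.0.1", "127.0.0.2"))
```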