Hi,

> I'm not exactly sure. How does a RADIUS server work over the Internet? I'm
> not connecting the radius clients onto the same LAN. If a radius request
> comes in from the internet, would the server send responses to the Internet
> IP that it received it from (which I think would work for my case) or would
> it send to the radius client IP?
>
> Here's what I'm trying to do:
> Host a radius server on the Internet...for PEAP 802.1X (WPA-enterprise).
> Each AP at the different offices would be set with the Internet IP address
> of where the radius server is running, along with a shared secret. There
> would likely be APs set to the same IP address, that's why I'm asking about
> all this.

I'm having a quick stab in the dark here - I'm guessing that your APs will have local non-routed addresses on their LAN - e.g. 192.168.x.x or 172.16.x.x etc. - in this case, they will appear to the FreeRADIUS server as originating from the IP address of your real outside world gateway/NAT box. Therefore each of your sites will be presented to the FreeRADIUS server as different IP addresses.

Of course, you could really freak things out by using VPN tunnels from the inside networks of each site direct to the FreeRADIUS box - but if all your sites use the same range of addresses then the server wouldn't have a clue at all of which tunnel to send the reply down!

With the latest version 2.x of FreeRADIUS you can have dynamic clients etc. which can select the correct shared secrets depending on special DB lookups etc. - but that's not a choice for you currently.

alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
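
An added sketch, not part of the original post and not FreeRADIUS code, of how a RADIUS server behaves in the scenario above: it picks the shared secret by the packet's source address (the site's NAT gateway, not the AP's private address) and replies to that same address and port. The addresses, secrets and function names are constructed for illustration.

```python
import hashlib
import ipaddress
import struct

# Constructed client table, keyed by the public (post-NAT) source address the
# server sees, never by the AP's private LAN address. Addresses come from the
# RFC 5737 documentation ranges; the secrets are placeholders.
CLIENTS = {
    ipaddress.ip_network("198.51.100.10/32"): ("office-a", b"secret-for-office-a"),
    ipaddress.ip_network("203.0.113.20/32"): ("office-b", b"secret-for-office-b"),
}

def lookup_client(src_ip):
    """Return (name, secret) for the packet's source IP, or None if unknown."""
    addr = ipaddress.ip_address(src_ip)
    for net, entry in CLIENTS.items():
        if addr in net:
            return entry
    return None

def make_request(ident, req_auth):
    """Constructed minimal Access-Request (code 1) carrying no attributes."""
    return struct.pack("!BBH", 1, ident, 20) + req_auth

def build_access_reject(request, src):
    """Build an Access-Reject for `request` received from src=(ip, port).

    Returns (packet, destination), or None when the source is not a known
    client; RFC 2865 requires such requests to be silently discarded.
    """
    client = lookup_client(src[0])
    if client is None or len(request) < 20:
        return None
    _name, secret = client
    ident, req_auth = request[1], request[4:20]
    header = struct.pack("!BBH", 3, ident, 20)  # code 3 = Access-Reject
    # RFC 2865: ResponseAuth = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)
    resp_auth = hashlib.md5(header + req_auth + secret).digest()
    return header + resp_auth, src  # reply returns to the NAT's ip:port

if __name__ == "__main__":
    req = make_request(7, bytes(range(16)))
    # Two APs behind the same NAT differ only in source port, share one secret.
    for src in [("198.51.100.10", 40001), ("198.51.100.10", 40002),
                ("203.0.113.20", 40001), ("192.168.1.5", 1812)]:
        out = build_access_reject(req, src)
        print(src, "dropped" if out is None else out[0][4:].hex())
```

All APs behind one gateway therefore share a single client entry and secret, which is why the secret should be treated as per-site rather than per-AP in this layout.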

