Fahd Kasri <[email protected]> wrote:
>
> Is it possible to have multiple Radius clients behind a router connect to a
> distant Freeradius server (these clients would therefore have the same IP
> address and be the same client in clients.conf)?
> I've tried this and apparently it works, but could there be any problems in the
> long run?
>
They would either:
* need to use the same shared secret
* connect to different IPs provisioned by FreeRADIUS (the server is
bind()'ed to more than one address)
* send traffic to different port numbers being listened to by
FreeRADIUS (listens on ports other than the 'official' ones)
You can use a combination of the above (if you are crazy), but you will
need to use at least *one*. The alternative is to kill NAT...for it is
evil[1].
Cheers
[1] if the network is 'trusted' then use an IPIP/GRE tunnel to get the
traffic to the RADIUS server
--
Alexander Clouter
.sigmonster says: A dead man cannot bite.
-- Gnaeus Pompeius (Pompey)
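
Added example (not part of the original reply): a FreeRADIUS configuration sketch for the "different port numbers" option, using per-socket client lists so that two NAS devices behind one NAT address can each keep their own shared secret. The address 203.0.113.10, the port 11812, the section names and the secrets are constructed placeholders.

```conf
# Constructed values: 203.0.113.10 stands for the NAT router's public
# address; 1812 and 11812 are the ports assigned to the two NAS devices.

# radiusd.conf (or a virtual server file): one auth listener per NAS,
# each tied to its own client list.
listen {
	type = auth
	ipaddr = *
	port = 1812
	clients = nas_a_clients
}

listen {
	type = auth
	ipaddr = *
	port = 11812
	clients = nas_b_clients
}

# clients.conf: per-socket client lists. Both entries carry the same
# source address (the NAT address), but each list is consulted only for
# packets arriving on its own listener, so the secrets can differ.
clients nas_a_clients {
	client nas_a {
		ipaddr = 203.0.113.10
		secret = CHANGE_ME_SECRET_A
	}
}

clients nas_b_clients {
	client nas_b {
		ipaddr = 203.0.113.10
		secret = CHANGE_ME_SECRET_B
	}
}
```

Each NAS is then pointed at its own port on the server. With a single listener and a single client entry for the NAT address, every device behind the router has to share one secret, which is the first option in the list above.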