Hello Jason -
According to section 5.5 in the Radiator 4.11 reference manual ("doc/ref.pdf")
you need to specify both ipv6 and ipv4 like this:
BindAddress ipv6:::, 0.0.0.0
5.5 Address binding
One of the main functions of Radiator is to listen for UDP packets and TCP
connections from other systems according to the Radiator configuration. The
various Radiator clauses that can accept packets or connections from other
systems all support the BindAddress parameter, which controls which IP
addresses Radiator will listen on. IP packets sent to an IP address which is on
the Radiator host, but which Radiator has not bound with BindAddress will not
be received by Radiator.
The driver for this is that a single host may have multiple IP addresses, and
those addresses may be IPV4, IPV6 and/or IPV4-over-IPV6. You may require
Radiator to only honour requests directed to one of or a subset of the IP
addresses for the host.
With BindAddress you can control which destination IP addresses Radiator will
accept. You can specify one or more IPV4 or IPV6 addresses, including wildcard
addresses. You can specifiy one or more comma separated bind addresses in the
BindAddress parameter. The following forms may be used:
• 0.0.0.0 (the default) Any IPV4 address on the host
• 1.2.3.4 A specific IPV4 address on the host
• ipv6::: Any IPV6 address on the host (and this may include any
IPV4-over-IPV6 address, depending on how the host is configured
• ipv6:2001:610:148:100::31 A specific IPV6 address on the host They
may be combined in one BindAddress parameter like so:
BindAddress 0.0.0.0
BindAddress 192.87.30.31,ipv6:2001:610:148:dead::31
BindAddress ipv6:::, 0.0.0.0
Hint: Linux also has a special file to control the system wide behaviour:
/proc/sys/net/ipv6/bindv6only
By default this seems to be 0. When it is 0, this will not work as expected:
BindAddress ipv6:::, 0.0.0.0
But if it is set to 1, the IPV6 bind wil not include the IPV4 bind and will
work as expected.
Hint: In order to support IPV6 address, you must install the Perl Socket6
module.
regards
Hugh
On 27 Jun 2013, at 08:56, "Mueller, Jason C" <[email protected]> wrote:
> Hello,
>
> I am using Radiator 4.11.
>
> I will show relevant portions of my config and then comment on them (IP
> addresses changed and Secret ***'d out to protect the guilty):
> ----------
> BindAddress ipv6:::
> AuthPort 1812
> AcctPort 1813
> # ipv6 client
> <Client ipv6:2620:0:e50:100::100>
> Secret ***
> DupInterval 0
> AddToReply Session-Timeout=0,cisco-avpair=shell:roles="network-admin"
> </Client>
> # ipv4 client
> <Client 128.255.90.90>
> Secret ***
> DupInterval 0
> AddToReply Session-Timeout=0,Filter-Id=15
> </Client>
> # ipv4 subnet
> <Client 128.255.100.0/24>
> Secret ***
> DupInterval 0
> AddToReply Session-Timeout=0,Filter-Id=10
> </Client>
> ----------
>
> When I use the "BindAddress ipv6:::" configuration parameter, neither of the
> IPv4 client definitions work. Radiator will give the following log message:
> Wed Jun 26 16:56:38 2013: NOTICE: Request from unknown client 128.255.90.90:
> ignored
>
> In the above configuration, the IPv6 client works just fine.
>
> If I add a "<Client DEFAULT>" clause when I still have the "BindAddress
> ipv6:::" parameter configured, the IPv4 clients that I want to match more
> specifically will match on the DEFAULT client stanza. I cannot have a DEFAULT
> client stanza in my config.
>
> Additionally, if I remove the "BindAddress ipv6:::" parameter from the config
> (or comment it out), then the IPv4 clients work as expected.
>
> It appears that when I enable IPv6 like above, that I lose my ability to
> match on more specific IPv4 client clauses, and I have to use the DEFAULT
> client stanza, which is not an option for me.
>
> Thoughts? Any help is appreciated.
>
> -Jason
>
>
> _______________________________________________
> radiator mailing list
> [email protected]
> http://www.open.com.au/mailman/listinfo/radiator
--
Hugh Irvine
[email protected]
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc.
Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
_______________________________________________
radiator mailing list
[email protected]
http://www.open.com.au/mailman/listinfo/radiator
