On 27.07.2016 21:32, Robert Blayzor wrote:

> The problem with this I think is that Radiator responds with a source
> address of where the packet leaves. (at least that’s been my
> experience).

Yes, this happens by default when BindAddress is not configured.

The default is to bind the RADIUS listen ports with the wildcard address 
0.0.0.0. When the replies are sent, they are from the socket that 
received the request. When the socket has been bound with the wildcard 
address, the kernel will pick a source address for the reply.

When BindAddress is configured, a socket is created and bound for each 
address defined by BindAddress. In this case the source address of a 
reply is the specific non-wildcard address the socket was bound to.

In short: BindAddress can be useful on multihomed hosts. However, if IP 
addresses are added and removed dynamically, this can cause problems 
because the addresses are now part of the Radiator configuration too.

> Most clients will probably ignore the response as it’s
> coming from a different address.

Yes, they will probably log the replies as unknown messages or something 
similar.

> With Radiator being Perl, I don’t think you can force Radiator to
> answer from a specific source address on the server.

With a wildcard bind address things can get complicated. There are socket 
functions that allow querying the address the request was sent to, but 
these are OS-specific and may require additional modules for accessing, 
for example sendmsg() and other functions.

The easiest way to handle problems with reply addresses on multihomed 
hosts is to use BindAddress, if possible.

Thanks,
Heikki

-- 
Heikki Vatiainen
Open System Consultants

_______________________________________________
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator
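
The wildcard versus specific bind behaviour described in the message above can be reproduced with plain UDP sockets. This is an added example, not part of the original post and not Radiator code; it is written in Python rather than Perl, and assumes a Linux host where all of 127.0.0.0/8 is local, using 127.0.0.1 and 127.0.0.2 as constructed stand-ins for the client and for one address of a multihomed server. The function names are hypothetical.

```python
import socket

CLIENT_ADDR = "127.0.0.1"   # constructed: the NAS / RADIUS client
SERVICE_ADDR = "127.0.0.2"  # constructed: the server address the client is configured with


def reply_source(bind_addr, timeout=2.0):
    """Send one datagram to SERVICE_ADDR and return the source IP of the reply.

    bind_addr is what the server socket is bound to: "0.0.0.0" mimics the
    default wildcard bind, SERVICE_ADDR mimics a BindAddress-style bind.
    """
    server = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        server.settimeout(timeout)
        client.settimeout(timeout)
        server.bind((bind_addr, 0))          # ephemeral port, avoids clashes
        port = server.getsockname()[1]
        client.bind((CLIENT_ADDR, 0))

        client.sendto(b"request", (SERVICE_ADDR, port))
        _, peer = server.recvfrom(4096)
        # Reply from the same socket that received the request.
        server.sendto(b"reply", peer)

        _, (src_ip, _) = client.recvfrom(4096)
        return src_ip
    finally:
        server.close()
        client.close()


def client_accepts(src_ip):
    """A strict client only accepts replies from the address it sent to."""
    return src_ip == SERVICE_ADDR


if __name__ == "__main__":
    for bind_addr in ("0.0.0.0", SERVICE_ADDR):
        src = reply_source(bind_addr)
        verdict = "accepted" if client_accepts(src) else "dropped as unknown source"
        print(f"server bound to {bind_addr:<9} -> reply from {src}: {verdict}")
```

With the wildcard bind the kernel chooses the reply source from its route to the client, so the reply does not come from the address the request was sent to; with the specific bind it does.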
