When a radius proxy, such as an appropriately configured freeradius ,
forwards (proxies) a radius request to a target, the target sees a radius
request from the proxy .. it sees its IP address, the source port, and the
UID of the radius request.
now, when the radius target forms a reply/responce, does it address it to
that source port on the proxy server?
if i run multiple proxies on a server, they will get the correct replies if
1. they send the proxied requests to the targets from different src
udp ports
2. if the targets actually respond to these src udp ports, and not a
default like 1645
in people's experience, is the above a reasonable assumption or are there
common cases of radius target servers (not determined, and heterogeneous)
which do not behave correctly/usefully.
(there is a secondary issue that the UID for radius is 8 bits long which
means that in a high proxy volume environment a proxy server can't
theoretically have more than 256 pending requests ... how is this issue
overcome in practice? multiple instances? i know that not all devices and
target radius servers implement the extended id which effectively expands
the range from 256)
tariq
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
