Peter Nixon wrote:
> On Mon 25 Sep 2006 19:05, Nicolas Baradakis wrote:
>
> > That has nothing to do with FreeRADIUS. The source address of an
> > outgoing UDP packet is chosen by the kernel according to the local
> > network configuration.
>
> I had this problem previously with FreeRADIUS where radius had to reply from
> the inside interface of a multihomed server else the packets would not match
> the IPSec tunnel ACLs bound to the external interface (A common config) I
> solved it by telling freeradius to only bind to one IP. Does this config no
> longer work??

This example is different from the one we're discussing. FreeRADIUS replies indeed to the NAS from the same address as the request arrived at.

However, a proxy request is different, because it's a new outgoing packet. In this case, we don't force the source IP in FreeRADIUS and we shouldn't do so because the NAS and the realm server are possibly on a different network. (it depends on the local network configuration)

The network configuration of the host is outside the scope of FreeRADIUS. The correct way to solve the problem is to fix the network routes on the host, so the outgoing requests have the desired source IP.

-- 
Nicolas Baradakis

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
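
Added example, not part of the original message and not FreeRADIUS code: a small Python check of the behaviour discussed above, showing the source address the kernel picks for a new outgoing UDP packet from an unbound socket versus one from a socket bound to a specific IP, and whether each would match an IPsec-style source selector. It assumes a Linux host where all of 127.0.0.0/8 is on the loopback interface; the addresses, the selector and the function names are constructed for illustration.

```python
import ipaddress
import socket

def kernel_chosen_source(dst_ip, dst_port=1812):
    """Source IP the kernel would use for a UDP packet to dst_ip.
    connect() on a UDP socket sends nothing; it only does the route lookup."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.connect((dst_ip, dst_port))
        return s.getsockname()[0]

def observed_source(listen_ip, bind_ip=None):
    """Send one datagram to a local listener; return the source IP it sees.
    bind_ip=None models a new outgoing (proxy-style) packet from an unbound
    socket; a bind_ip models a socket pinned to one local address."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as rx, \
         socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as tx:
        rx.bind((listen_ip, 0))          # port 0: let the kernel pick a free port
        rx.settimeout(2)
        if bind_ip is not None:
            tx.bind((bind_ip, 0))        # force the source address
        tx.sendto(b"probe", rx.getsockname())
        _, (src_ip, _src_port) = rx.recvfrom(64)
        return src_ip

def in_selector(src_ip, selector_cidr):
    """True if src_ip falls inside the policy's local (source) selector."""
    return ipaddress.ip_address(src_ip) in ipaddress.ip_network(selector_cidr)

if __name__ == "__main__":
    SELECTOR = "127.0.0.2/32"            # constructed stand-in for a tunnel ACL
    LISTENER = "127.0.0.1"               # constructed stand-in for the remote server
    for label, bind_ip in (("unbound", None), ("bound", "127.0.0.2")):
        src = observed_source(LISTENER, bind_ip)
        print(f"{label:8} source={src:<10} matches {SELECTOR}: "
              f"{in_selector(src, SELECTOR)}")
    print("route lookup for", LISTENER, "->", kernel_chosen_source(LISTENER))
```

On a real multihomed host, calling `kernel_chosen_source()` with the realm server's address shows which source the current routes produce, which is the value to compare against the tunnel's selector before and after changing the routes.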