Hello all,

I am using FreeRADIUS 2.1.0 on two Ubuntu machines, one of which is configured as server and one as proxy. The network is configured in IPv6 but that's not the problem here (everything regarding IPv6 works well now).

I am trying to create a testbed where there are three machines:

- one server, which listens to an interface
- one client (for testing I am just using radclient) that sends auth requests to a proxy
- one proxy, in the middle of the two other machines, that proxies auth requests to the server. This proxy has two interfaces, one connected to the client and one to the server.

All following IPv6 addresses are to be read with global scope (but as I said, if they were IPv4 it would be the same I think):

Server address: 2001::400
Proxy (interface to the server): 2001::300
Proxy (interface to the client): 2000::300
Client: 2000:200

Now when I try to run the test, what happens is that the client sends the auth request, the proxy correctly forwards it to the server, and the server correctly authenticates the client. The problem is that the proxy sends the proxied message with the address 2000::300, not 2001::300. When the server tries to reply to the proxy, it tries to send the packet to 2000::300, but since it is a different network there is no route for it.

I have been searching for a while in the users / radiusd.conf / clients.conf / proxy.conf for an option to set the proxy IP address when proxying messages. It seemed to me that I saw something like that, but if I did I just can't find it again. If it exists it would be sufficient to tell me where to find it and I will hopefully solve this issue on my own.

I attach some config files:

Server:

Clients.conf

    # IPv6 Client
    client 2000::300 {
        nastype = other
        secret = testing123
        shortname = relay
    }

(if I set 2001::300 it tells me that it receives a packet from the unknown host 2000::300 and discards it)

Radiusd.conf

    listen {
        # ipaddr = *
        ipv6addr = 2001::400
        port = 0
        type = auth
    }

Proxy:

Clients.conf

    # IPv6 Client
    client 2000::200 {
        secret = testing123
        shortname = mobile
    }

Proxy.conf

    home_server rad_server {
        type = auth
        ipv6addr = 2001::400
        port = 1812
        secret = testing123
    }

    home_server_pool my_auth {
        type = fail-over
        home_server = rad_server
    }

    realm example.com {
        auth_pool = my_auth
    }

(example.com is the realm I use in the test)

P.S.: another quick question. Is it possible with some logging option (or in other ways) to save the attributes that the server adds to the auth accept message locally in a file on the proxy machine? I saw that there are some options to add/modify the attributes in the reply, but is it possible to save them in a file?

Thanks in advance for the help and sorry if I am missing out something obvious.

Best Regards,

--
D'Avella Stefano
Bell Labs Alcatel-Lucent
Centre de Villarceaux
Route de Villejust
91625 NOZAY