Jacob Baloul wrote: > I have several NAS / Hotspots installed behind a NAT. > They are all WRT54GL routers with OpenWRT + Chili and authenticating > against FreeRadius + DaloRadius which is NOT in this NAT. > Meaning FreeRadius sees all of the WRT's as coming from the same public > IP, which also happens to be dynamic. > My question is, can I authenticate and maintain session based on the NAS > MAC address as apposed to the public dynamic ip address?
The server doesn't support this. Running multiple NASes behind a NAT is a really bad idea. The simplest solution is to put a RADIUS proxy inside the NAT, and proxy the RADIUS packets over IPSec to the server. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
