Hi
I'm busy with a FreeRadius Eduroam setup, but it only works with ipv4 and not
with ipv6.
My Setup:
wifi-client <--> my-FreeRadius-proxy <---> eduroam-proxy <---> remote-site
My server:
FreeBSD 8.1-STABLE with freeradius-2.1.10_1 that was build from the ports,
with ipv6 enabled.
Here is a list of things that I've noticed when I run radiusd -X
Regards
Johann
------------------------------------------------------------------------------------------------------------
1) FreeRadius with only an ipv4 listen section in radiusd.conf. (no ipv6)
#listen {
# type = auth
# ipv6addr = ::
# port = 0
#}
ganymede# sockstat | grep 1812
freeradius radiusd 61076 5 udp4 *:1812 *:*
FreeRadius tries to send Access-Request packets to the ipv6 address of edurom-
proxy-server (eduroam0.sanren.ac.za) when I use it's dns name in proxy.conf.
Sending Access-Request of id 172 to 2001:4200:ffff:14:5054:17ff:fe36:5d3d port
1812
User-Name = "nren_radius_t...@ru.ac.za"
NAS-IP-Address = 146.64.25.55
Called-Station-Id = "0016b6d9211b"
Calling-Station-Id = "0015af8e3baa"
NAS-Identifier = "0016b6d9211b"
NAS-Port = 31
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
EAP-Message =
0x0200001e016e72656e5f7261646975735f746573744072752e61632e7a61
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x30
It works fine if I use the ipv4 address (no dns) for eduroam0.sanren.ac.za.
------------------------------------------------------------------------------------------------------------
2) FreeRadius with both an ipv4 and an ipv6 listen section in radiusd.conf.
listen {
type = auth
ipv6addr = ::
port = 0
}
ganymede# sockstat | grep 1812
freeradius radiusd 61076 5 udp4 *:1812 *:*
freeradius radiusd 61076 6 udp6 *:1812 *:*
Running radiusd -X I can see it tries to send out ipv6 requests.
Sending Access-Request of id 229 to 2001:4200:ffff:14:5054:17ff:fe36:5d3d port
1812
User-Name = "nren_radius_t...@ru.ac.za"
NAS-IP-Address = 146.64.25.55
Called-Station-Id = "0016b6d9211b"
Calling-Station-Id = "0015af8e3baa"
NAS-Identifier = "0016b6d9211b"
NAS-Port = 31
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
EAP-Message =
0x0201001e016e72656e5f7261646975735f746573744072752e61632e7a61
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x30
But I don't see anyting with tcpdump. After a while I get the following
message in radiusd:
WARNING: Internal sanity check failed in event handler for request 13:
Discarding the request!
Ready to process requests.
------------------------------------------------------------------------------------------------------------
3) FreeRadius with both an ipv4 and an ipv6 listen section in radiusd.conf,
but with a specific ipv6 address configured.
listen {
type = auth
ipv6addr = 2001:4200:ffff:14:5054:17ff:fe36:5d3d
port = 0
}
radiusd -X stops with the following error:
Failed binding to authentication address 2001:4200:ffff:14:5054:17ff:fe36:5d3d
port 1812: Can't assign requested address
/usr/local/etc/raddb/radiusd.conf[32]: Error binding to port for
2001:4200:ffff:14:5054:17ff:fe36:5d3d port 1812
-----------------------------------------------------------------------------------------------------------------
## radiusd.conf -- FreeRADIUS server configuration file.
######################################################################
prefix = /usr/local
exec_prefix = ${prefix}
sysconfdir = ${prefix}/etc
localstatedir = /var
sbindir = ${exec_prefix}/sbin
logdir = /var/log
raddbdir = ${sysconfdir}/raddb
radacctdir = ${logdir}/radacct
name = radiusd
confdir = ${raddbdir}
run_dir = ${localstatedir}/run/${name}
db_dir = ${raddbdir}
libdir = /usr/local/lib/freeradius-2.1.9
pidfile = ${run_dir}/${name}.pid
user = freeradius
group = freeradius
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
listen {
type = auth
ipaddr = *
port = 0
}
listen {
type = auth
#ipaddr = *
ipv6addr = ::
#ipv6addr = 2001:4200:ffff:14:5054:17ff:fe36:5d3d
port = 0
}
listen {
type = acct
ipaddr = *
# ipv6addr = ::
port = 0
}
hostname_lookups = no
allow_core_dumps = no
regular_expressions = yes
extended_expressions = yes
log {
destination = files
file = ${logdir}/radius.log
syslog_facility = daemon
stripped_names = no
auth = no
auth_badpass = no
auth_goodpass = no
}
checkrad = ${sbindir}/checkrad
security {
max_attributes = 200
reject_delay = 1
status_server = no
}
proxy_requests = yes
$INCLUDE ${confdir}/proxy.conf
$INCLUDE ${confdir}/clients.conf
thread pool {
start_servers = 5
max_servers = 32
min_spare_servers = 3
max_spare_servers = 10
max_requests_per_server = 0
}
modules {
$INCLUDE ${confdir}/modules/
$INCLUDE ${confdir}/eap.conf
}
instantiate {
exec
expr
expiration
logintime
}
$INCLUDE policy.conf
$INCLUDE sites-enabled/
######################################################################
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
