Hi,
it's a very bad idea to use link-local addresses. You should use a
global or ULA address instead.
I don't *know* why this doesn't work, but it does with our global-scope
addresses just fine, so I'm guessing it's the address type.
Especially since link-local addresses are only valid with an interface
scope. So
"fe80::215:17ff:fed0:d278"
simply isn't an IPv6 address.
"fe80::215:17ff:fed0:d278%eth0"
is the valid address. I don't know if the FreeRADIUS address parser is
prepared to handle such interface-scoped addresses. There's not much use
case for this.
Greetings,
Stefan Winter
Am 23.05.13 16:11, schrieb Michael Sherman:
what does this do...
client fe80::215:17ff:fed0:d278 {
secret = test
shortname = test-net
nastype = other
}
... ?
alan
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
Same :(
radiusd: #### Loading Clients ####
client 127.0.0.1 {
require_message_authenticator = no
secret = "testing123"
shortname = "localhost"
nastype = "other"
}
client 10.10.0.0/16 {
require_message_authenticator = no
secret = "bigsecret"
shortname = "test-net"
}
client fe80::215:17ff:fed0:d278 {
require_message_authenticator = no
secret = "bigsecret"
shortname = "test-net"
nastype = "other"
}
...
radiusd: #### Opening IP addresses and Ports ####
listen {
type = "auth"
ipv6addr = :: IPv6 address [::]
port = 0
}
listen {
type = "acct"
ipv6addr = :: IPv6 address [::]
port = 0
}
listen {
type = "control"
listen {
socket = "/usr/local/var/run/radiusd/radiusd.sock"
}
}
listen {
type = "auth"
ipaddr = 127.0.0.1
port = 18120
}
... adding new socket proxy address * port 54225
Listening on authentication address :: port 1812
Listening on accounting address :: port 1813
Listening on command file /usr/local/var/run/radiusd/radiusd.sock
Listening on authentication address 127.0.0.1 port 18120 as server
inner-tunnel
Listening on proxy address :: port 1814
Ready to process requests.
Ignoring request to authentication address :: port 1812 from unknown
client fe80::215:17ff:fed0:d278 port 48848
Ready to process requests.
Ignoring request to authentication address :: port 1812 from unknown
client fe80::215:17ff:fed0:d278 port 48848
Ready to process requests.
Ignoring request to authentication address :: port 1812 from unknown
client fe80::215:17ff:fed0:d278 port 48848
Ready to process requests.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html