rosario.matt...@accenture.com wrote: > I would like to specify that I'm using radclient as a RADIUS proxy.
Nonsense. radclient is a client. It's not a server. It's not a proxy. > I reach the RADIUS server through a load balancer. That's fine. > The server uses ports other than 1812 and 1813 in its responses because the > matching between requests and responses is done through the Proxy-State > attribute. Then it's not a RADIUS server. RADIUS servers don't work like that. > This behavior is implemented in a very famous European Telco operator. That behavior is wrong. Maybe they wanted to do something special with their systems. That's fine. But they way they did it shows that they have no idea how RADIUS works. > In radclient is not implemented any mechanism to support this behavior? No. > Can you confirm that the current implementation of radclient, realizes the > matching between requests and responses using also the source port of the > responses? radclient follows the RADIUS standards. It matches requests and responses via src/dst IP/port. Doing anything else is broken. It sounds like whoever built the "very famous European Telco operator" network had no idea how RADIUS works. Rather than doing something simple (and widely used, and widely tested), they resorted to custom solutions which are not maintainable. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html