> 1. FreeRadius lacks the ability to actually run Nas's behind a link with a > dynamic IP. Although not recommended, this software does not support a > proper way of dealing with this.
Nonsense. This is a fundamental limitation of the RADIUS protocol. If you want to use dynamic IPs, use a VPN, or TLS (RFC 6614) > This is indeed a fake. I have added this in mysql in the nas table under > the field community (described in ify /yfi setup). The connection actually > works. I can (ab)use this field as much as desired Because RADIUS depends on source IP. >> Of course. RADIUS depends on IP addresses, not on Called-Station-Id. >> This is documented in the "dynamic_clients" configuration. Right at >> the top of the virtual server. > > Yes, I have read the documentation (multiple sources, google etc...) I was > just wondering what happens when you use the raw module. It's not distributed with the server. So it's not a supported module. And no, I don't use it. And no, you haven't read the documentation. The files I mentioned *clearly* states that the dynamic clients use and cache the source IP. They say NOTHING about checking the Called-Station-Id for each packet. > Is a client defined by a NAS or a user? RADIUS clients are defined by source IP. The documentation you allegedly read makes this clear. So there's no need to ask the above question... because the documentation already answers it. > The output shows indeed when it goes through the the dynamic server > section and once it is authenticated it only runs through the default > (which is understandable) So... *nothing* else in the debug output is useful to you. I guess you've read it as carefully as you've read the documentation. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html