So apparently this works... I was expecting relayd to listen on those ports, 
but I'm guessing that since it hooks through pf, that's not necessary.

-----Original Message-----
From: owner-m...@openbsd.org <owner-m...@openbsd.org> On Behalf Of Shawn Southern
Sent: October 19, 2018 1:00 PM
To: misc@openbsd.org
Subject: relayd and radius

We have a lot of devices that use RADIUS, but they do not allow us to specify a 
2nd RADIUS server.  Since we use OpenBSD w/ CARP as our router/firewall, we 
want to use relayd to provide some redundancy for the RADIUS servers.

There are two internal subnets - 10.10.10.0/24, which has our servers, and 
10.10.11.0/24 that has the devices using RADIUS to authenticate clients.  
10.10.10.1 and 10.10.11.1 are both carp interfaces.

When starting relayd, nothing appears to be listening on the RADIUS ports.  Is 
this even possible with relayd?  Is my configuration just horribly wrong?

relayd.conf:
radius1 = "10.10.10.5"
radius2 = "10.10.10.6"
radius_listen = "10.10.11.1"

table <radiushost1> { $radius1 }
table <radiushost2> { $radius2 }

redirect radius {
        listen on $radius_listen udp port 1812:1813
        forward to <radiushost1> check icmp
        forward to <radiushost2> check icmp
}

Thanks in advance for any help!
