On 06/21/2013 04:06 PM, Mueller, Jason C wrote:
> I am trying to enable IPv6 on Radiator 4.11.

See the reference manual section "5.5 Address binding" for more
information, but in short by default in Linux:
- BindAddress ipv6::: allows the socket to receive *both* IPv4 and IPv6
UDP packets
- BindAddress 0.0.0.0 is for IPv4 only
- Using BindAddress 0.0.0.0,ipv6::: does not work since no matter which
order the wildcard addresses are listed in, an attempt is made to use
the IPv4 wildcard twice

The reason and solution are described here:
http://tools.ietf.org/html/rfc3493#section-5.3

  "When this option is turned on,
   the socket can be used to send and receive IPv6 packets only."

The option is IPV6_V6ONLY and the system default can be switched from
(off) to on like this:

# echo 1 > /proc/sys/net/ipv6/bindv6only
or
% sudo sysctl net.ipv6.bindv6only=1

Once you do this, you can have
BindAddress 0.0.0.0,ipv6:::
or
BindAddress ipv6:::,0.0.0.0

because there's no more magic related to the different address families
in the wildcard anymore.


> When using the BindAddress configuration parameter, I have to specify an IPv6 
> address. When I specify an address that is in use by the local system, 
> Radiator successfully binds to the IPv6 address. For example, I have a line 
> like this in my radius.cfg file which does work:
> BindAddress 0.0.0.0,ipv6:2620:0:e50:200::5
> 
> However, I would prefer to use an IPv6 equivalent to IPv4's 0.0.0.0. The 
> reason is that I would like the same configuration file to work across 
> multiple systems. This simplifies management and allows for easy 
> synchronization.
> 
> I have tried ipv6:::, but that did not work.

Actually it should work if you do this:
BindAddress ipv6:::
since ipv6::: will take care of both address families.

> I also tried putting in a list of IPv6 addresses for each of the systems, 
> thinking that it would successfully bind only to the IPv6 address locally 
> configured and ignore the rest, but Radiator refuses to bind to any IPv6 
> addresses if there is a list of IPv6 addresses and one of them does not exist 
> locally. For example, the following fails on a system configured with 
> 2620:0:e50:200::5, because the address 2620:0:e50:300::5 does not exist on 
> the system:
> BindAddress 0.0.0.0,ipv6:2620:0:e50:200::5,ipv6:2620:0:e50:300::5

That's correct. If the address is non-wildcard, the bind must succeed
currently.

> I am hoping that someone has an IPv6 equivalent to 0.0.0.0 that works with 
> Radiator. If not, any ideas that can help me keep the same config file across 
> multiple systems when using IPv6 (like I can do with IPv4) would be 
> appreciated.

I think the most clear option is to turn on IPV6_V6ONLY and then use
BindAddress 0.0.0.0,ipv6:::. Then both IPv4 and IPv6 can be treated as
completely different protocols which they in practice pretty much are.

However, the system defaults with BindAddress ipv6::: will take care of
IPv4 and IPv6 messages received by any address the host has.

Thanks,
Heikki

-- 
Heikki Vatiainen <h...@open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
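
The wildcard behaviour described in the reply above, reproduced with plain UDP sockets on Linux. This is an added example, not part of the original message and not Radiator code; the function names are made up for illustration and the ports are picked by the kernel. It sets IPV6_V6ONLY per socket instead of changing the bindv6only sysctl, and it also shows the source address a dual-stack socket reports for an IPv4 sender, which matters for any address-based filtering in front of such a listener.

```python
import errno
import socket

def udp_socket(family, v6only=None):
    """UDP socket; for AF_INET6, set IPV6_V6ONLY explicitly (overrides bindv6only)."""
    s = socket.socket(family, socket.SOCK_DGRAM)
    if family == socket.AF_INET6 and v6only is not None:
        s.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, int(v6only))
    return s

def ipv6_available():
    """True if this host can bind the IPv6 wildcard at all."""
    try:
        with udp_socket(socket.AF_INET6, False) as s:
            s.bind(("::", 0))
        return True
    except OSError:
        return False

def free_port():
    """A dual-stack bind to port 0 yields a port unused in both families."""
    with udp_socket(socket.AF_INET6, False) as s:
        s.bind(("::", 0))
        return s.getsockname()[1]

def bind_both_wildcards(v6only):
    """Bind [::] then 0.0.0.0 on one port; return 'ok' or the IPv4 bind's errno name."""
    port = free_port()
    with udp_socket(socket.AF_INET6, v6only) as s6, udp_socket(socket.AF_INET) as s4:
        s6.bind(("::", port))
        try:
            s4.bind(("0.0.0.0", port))
        except OSError as e:
            return errno.errorcode[e.errno]
        return "ok"

def ipv4_peer_seen_by_dual_stack():
    """Send an IPv4 datagram to a dual-stack [::] socket; return the peer address it sees."""
    with udp_socket(socket.AF_INET6, False) as srv, udp_socket(socket.AF_INET) as cli:
        srv.bind(("::", 0))
        srv.settimeout(2)
        cli.sendto(b"probe", ("127.0.0.1", srv.getsockname()[1]))
        _, peer = srv.recvfrom(64)
        return peer[0]

if __name__ == "__main__":
    if ipv6_available():
        print("V6ONLY off:", bind_both_wildcards(False))
        print("V6ONLY on: ", bind_both_wildcards(True))
        print("IPv4 peer on dual-stack socket:", ipv4_peer_seen_by_dual_stack())
```

With IPV6_V6ONLY off, the IPv4 wildcard bind is refused because the IPv6 wildcard socket already covers IPv4; with it on, both binds succeed and each socket sees only its own address family.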