On 06/28/2013 12:01 AM, Christopher Bongaarts wrote:
> On 6/27/2013 3:01 PM, Mueller, Jason C wrote:
>> Quick summary again, when using ipv6::: and bindv6only set to 0:
>> * Both IPv4 and IPv6 traffic gets to Radiator
>> * IPv6 works with everything I have tried
>> * IPv4 clients will not match on the proper client stanza, only the DEFAULT
>> client stanza
>
> Perhaps in this situation you need to use the IPv6-formatted IPv4
> addresses instead? e.g. |::ffff:127.0.0.1|

I agree this solves it. Since the socket is an IPv6 socket, the addresses
will be IPv6 addresses too even if they were in IPv4 packets on the wire.

You can use e.g. a hook like this to do some debugging:

    ClientHook sub {my $p = ${$_[0]}; \
        my ($client_port, $client_addr) = Radius::Util::unpack_sockaddr_in($p->{RecvFrom}); \
        main::log($main::LOG_DEBUG, "client_addr: " . Radius::AttrVal::pclean($client_addr)); \
        }

When BindAddress is set to ipv6::: and a request comes in from an IPv4
address 172.20.3.170 you'll get this in the logs:

    DEBUG: client_addr: <0><0><0><0><0><0><0><0><0><0><255><255><172><20><3><170>

When BindAddress is commented out and defaults to IPv4 0.0.0.0 you'll get
this in the logs when using the same client 172.20.3.170:

    DEBUG: client_addr: <172><20><3><170>

The former needs:

    <Client ipv6:::ffff:172.20.3.170>

and the latter can be caught with

    <Client 172.20.3.170>

Using the config below the requests from 127.0.0.1 and 172.20.30.170 hit
different Client clauses depending on the BindAddress value being ipv6:::
or 0.0.0.0.

As mentioned before, this is only the case with IPv6 wildcard binding. If
the address is not a wildcard, the IPv4 requests will never pop up from
that listen socket.

    <Client ipv6:::ffff:172.20.3.170>
        Identifier ipv6-mapped-ipv4-172.20.3.170
        Secret mysecret
        DupInterval 0
    </Client>

    <Client 172.20.3.170>
        Identifier ipv4-172.20.3.170
        Secret mysecret
        DupInterval 0
    </Client>

    <Client 127.0.0.1>
        Identifier ipv4-loopback
        Secret mysecret
        DupInterval 0
    </Client>

    <Client ipv6:::ffff:127.0.0.1>
        Identifier ipv6-mapped-ipv4-loopback
        Secret mysecret
        DupInterval 0
    </Client>

    <Client DEFAULT>
        Identifier default-client
        Secret mysecret
        DupInterval 0
    </Client>

    # The Reply-Message will show which client clause was selected
    <Handler>
        <AuthBy FILE>
            Filename %D/users
            AddToReply Reply-Message=%{Client:Identifier}
        </AuthBy>
    </Handler>

-- 
Heikki Vatiainen <h...@open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server anywhere.
SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
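
An added example, not part of the original message and not Radiator code: a small offline Python check that derives the Client clause name for a packed source address as shown in the debug log above, and lists IPv4 Client clauses that have no ::ffff: counterpart when BindAddress is ipv6::: (so those clients would end up in Client DEFAULT). The function names and the sample config are constructed for illustration; the "ipv6:" prefix for native IPv6 clients and the check for a single BindAddress value are assumptions based on the clause style in the message.

```python
import ipaddress
import re

# Constructed sample config in the clause style used in the message above.
SAMPLE_CONFIG = """
BindAddress ipv6:::
<Client 172.20.3.170>
    Secret mysecret
</Client>
<Client 127.0.0.1>
    Secret mysecret
</Client>
<Client ipv6:::ffff:127.0.0.1>
    Secret mysecret
</Client>
<Client DEFAULT>
    Secret mysecret
</Client>
"""

def client_name_for(packed: bytes) -> str:
    """Client clause name for a packed source address as the listen socket reports it."""
    if len(packed) == 4:                      # address from an IPv4 listen socket
        return str(ipaddress.IPv4Address(packed))
    addr = ipaddress.IPv6Address(packed)      # 16 bytes from an IPv6 listen socket
    if addr.ipv4_mapped is not None:          # IPv4 peer seen through the IPv6 wildcard
        return f"ipv6:::ffff:{addr.ipv4_mapped}"
    return f"ipv6:{addr}"                     # assumption: same prefix for native IPv6

def unmatched_ipv4_clients(config: str) -> list[str]:
    """IPv4 Client clauses with no mapped twin while bound to the IPv6 wildcard."""
    bind = re.search(r"^\s*BindAddress\s+(\S+)", config, re.M)
    if not bind or bind.group(1) != "ipv6:::":
        return []                             # IPv4 socket: plain IPv4 clauses match
    names = set(re.findall(r"^\s*<Client\s+(\S+)>", config, re.M))
    missing = []
    for name in sorted(names):
        try:
            v4 = ipaddress.IPv4Address(name)
        except ValueError:
            continue                          # DEFAULT, ipv6:..., anything not a bare IPv4
        if f"ipv6:::ffff:{v4}" not in names:
            missing.append(name)
    return missing

if __name__ == "__main__":
    print(unmatched_ipv4_clients(SAMPLE_CONFIG))
```
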