Source IP address for proxy requests

Nicolas Baradakis nbk at sitadelle.com
Tue Sep 26 10:55:38 CEST 2006


Peter Nixon wrote:

> On Mon 25 Sep 2006 19:05, Nicolas Baradakis wrote:
>
> > That has nothing to do with FreeRADIUS. The source address of an
> > outgoing UDP packet is chosen by the kernel according to the local
> > network configuration.
>
> I had this problem previously with FreeRADIUS where radius had to reply from
> the inside interface of a multihomed server else the packets would not match
> the IPSec tunnel ACLs bound to the external interface (a common config). I
> solved it by telling freeradius to only bind to one IP. Does this config no
> longer work??

This example is different from the one we're discussing. FreeRADIUS
replies indeed to the NAS from the same address as the request arrived
at.

However, a proxy request is different, because it's a new outgoing
packet. In this case, we don't force the source IP in FreeRADIUS and
we shouldn't do so because the NAS and the realm server are possibly
on a different network (it depends on the local network configuration).

The network configuration of the host is outside the scope of
FreeRADIUS. The correct way to solve the problem is to fix the
network routes on the host, so the outgoing requests have the
desired source IP.

-- 
Nicolas Baradakis
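
The kernel's source address choice described above can be checked from user space before touching any firewall or IPsec ACL. The following is an added example, not part of the original message or of FreeRADIUS: the function names and sample addresses are assumptions, and the loopback address stands in for a realm server so the script runs offline.

```python
import socket

RADIUS_AUTH_PORT = 1812  # standard RADIUS authentication port


def kernel_chosen_source(dest_ip, dest_port=RADIUS_AUTH_PORT, bind_ip=None):
    """Return the source IP the host would use for a UDP packet to dest_ip.

    connect() on a UDP socket sends no packet. It makes the kernel do the
    route lookup and fix the local address, which getsockname() then reports.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        if bind_ip is not None:
            # The application forces the source address instead of the kernel.
            s.bind((bind_ip, 0))
        s.connect((dest_ip, dest_port))
        return s.getsockname()[0]


def audit(expectations):
    """Compare the kernel's choice with the source IP the ACLs expect.

    expectations: iterable of (realm_server_ip, expected_source_ip).
    Returns a list of (dest, expected, actual, status) tuples.
    """
    findings = []
    for dest, want in expectations:
        try:
            got = kernel_chosen_source(dest)
        except OSError as exc:
            # No route to the destination: the proxy request could not leave.
            findings.append((dest, want, None, "no usable route: %s" % exc))
            continue
        findings.append((dest, want, got, "ok" if got == want else "mismatch"))
    return findings


if __name__ == "__main__":
    # Constructed sample: 127.0.0.1 stands in for a realm server, and
    # 192.0.2.10 (documentation range) is a source the ACL would expect.
    sample = [("127.0.0.1", "127.0.0.1"), ("127.0.0.1", "192.0.2.10")]
    for dest, want, got, status in audit(sample):
        print("to %s: expected %s, kernel chose %s -> %s" % (dest, want, got, status))
```

A "mismatch" line means the host's route to that server yields a different source address than the one the ACLs were written for, which is the situation the message says to fix in the routing configuration.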



