Duplicate IPs for Radius Clients with different secrets

A.L.M.Buxey at lboro.ac.uk
Tue Dec 16 09:43:52 CET 2008


Hi,

> I'm not exactly sure. How does a RADIUS server work over the Internet? I'm
> not connecting the radius clients onto the same LAN. If a radius request
> comes in from the internet, would the server send responses to the Internet
> IP that it received it from (which I think would work for my case) or would
> it send to the radius client IP?
> 
> Here's what I'm trying to do:
> Host a radius server on the Internet...for PEAP 802.1X (WPA-enterprise).
> Each AP at the different offices would be set with the Internet IP address
> of where the radius server is running, along with a shared secret. There
> would likely be APs set to the same IP address, that's why I'm asking about
> all this.

I'm having a quick stab in the dark here - I'm guessing
that your APs will have local non-routed addresses on their
LAN - e.g. 192.168.x.x or 172.16.x.x etc. - in this case, they
will appear to the FreeRADIUS server as originating from the
IP address of your real outside world gateway/NAT box. Therefore
each of your sites will be presented to the FreeRADIUS server
as different IP addresses.

Of course, you could really freak things out by using
VPN tunnels from the inside networks of each site direct to
the FreeRADIUS box - but if all your sites use the same range
of addresses then the server wouldn't have a clue at all of which
tunnel to send the reply down!

With the latest version 2.x of FreeRADIUS you can have dynamic clients
etc. which can select the correct shared secrets depending on
special DB lookups etc. - but that's not a choice for you currently.

alan
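
Added example, not part of the original post or of FreeRADIUS: a Python sketch of a server choosing the shared secret by the packet's source address, so two sites whose APs share the same internal address still verify under different secrets once each arrives from its own NAT gateway. The client table, the addresses (documentation ranges) and the secrets are constructed; the check is the standard Message-Authenticator HMAC-MD5.

```python
import hashlib
import hmac
import os
import socket
import struct

ACCESS_REQUEST, NAS_IP_ADDRESS, MESSAGE_AUTHENTICATOR = 1, 4, 80

# Constructed client table keyed by the source address the server sees
# (each site's NAT gateway), not by the AP's internal address.
CLIENTS = {"198.51.100.10": b"site-a-secret", "203.0.113.20": b"site-b-secret"}


def build_access_request(secret, nas_ip, ident=1):
    """Build an Access-Request with NAS-IP-Address and Message-Authenticator."""
    attrs = struct.pack("!BB4s", NAS_IP_ADDRESS, 6, socket.inet_aton(nas_ip))
    attrs += struct.pack("!BB16s", MESSAGE_AUTHENTICATOR, 18, bytes(16))
    header = struct.pack("!BBH16s", ACCESS_REQUEST, ident, 20 + len(attrs), os.urandom(16))
    packet = header + attrs
    mac = hmac.new(secret, packet, hashlib.md5).digest()
    return packet[:-16] + mac  # the HMAC replaces the 16 zero bytes at the end


def find_message_authenticator(packet):
    """Return the offset of the Message-Authenticator value, or None."""
    pos = 20  # attributes start after the 20-byte header
    while pos + 2 <= len(packet):
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > len(packet):
            return None  # malformed attribute, reject
        if attr_type == MESSAGE_AUTHENTICATOR and attr_len == 18:
            return pos + 2
        pos += attr_len
    return None


def verify_from(source_ip, packet):
    """Select the secret by source IP, then check the packet's HMAC-MD5."""
    secret = CLIENTS.get(source_ip)
    offset = find_message_authenticator(packet)
    if secret is None or offset is None:
        return False  # unknown client or unsigned request
    zeroed = packet[:offset] + bytes(16) + packet[offset + 16:]
    expected = hmac.new(secret, zeroed, hashlib.md5).digest()
    return hmac.compare_digest(expected, packet[offset:offset + 16])
```

The NAS-IP-Address attribute inside both requests can be the same private address; only the source address seen by the server decides which secret is tried.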



