FreeRadius Multihomed VIP Issue

Brian Carpio bcarpio at thetek.net
Tue Dec 29 21:16:08 CET 2009


FreeRadius Version: FreeRADIUS Version 1.1.3

OK, here is the situation: I have freeradius sitting between two networks,
10.10.10.0 and 192.168.0.0. I want to combine freeradius and heartbeat so I
can have a failover if one of the freeradius servers were to crash or
needed to be upgraded.

I'm using freeradius as a proxy, by the way, so the 10.10.10.0 subnet is
where one of the radius servers lives which freeradius is proxying back to.

When a client sends a request to the IP of eth0 on the freeradius server,
let's say it's 192.168.0.20, everything is fine: the radius request is sent
out eth1, which has an IP address of 10.10.10.20, and connects to the backend
radius server at 10.10.10.5 (this is just an example), then 10.10.10.5 sends
the packet back to 10.10.10.20 (which again is eth1 on the freeradius server),
then the packet is sent back to the client with the SOURCE address of
192.168.0.20 and the client accepts the auth request.

HOWEVER, when I set up a VIP eth0:0 with an IP address of 192.168.0.30 and
the client sends the radius request to this IP, the following happens (and I
know, I've been sniffing traffic all day lol): the freeradius server receives
the request on 192.168.0.30 and sends the Access Request out eth1 at
10.10.10.20 to the radius server on the backend at 10.10.10.5, which sends
the Access Accept to eth1 of the freeradius server, 10.10.10.20, and the
freeradius server sends the packet back to the client with the source
address of 192.168.0.20.

Well, this is a problem because the client sent the Access Request to
192.168.0.30 (eth0:0), NOT to 192.168.0.20 (eth0), and the client rejects the
Access Accept.

Thanks for any help you can offer!

Brian
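
Added example, not part of the original post: a check that can be run over captured RADIUS traffic to confirm the symptom described above, pairing each reply with its request and flagging replies whose source IP is not the IP the request was sent to. The port 1812, the client address 192.168.0.50, the client ports and the function names are assumptions; the packets are constructed.

```python
import struct

# RADIUS codes from RFC 2865.
ACCESS_REQUEST = 1
REPLY_CODES = {2: "Access-Accept", 3: "Access-Reject", 11: "Access-Challenge"}
RADIUS_PORT = 1812  # assumed auth port; change to the port the proxy listens on

def radius_header(payload):
    """Return (code, identifier) from the 20-byte RADIUS header, or None."""
    if len(payload) < 20:
        return None
    code, ident, length = struct.unpack("!BBH", payload[:4])
    if length < 20 or length > len(payload):
        return None
    return code, ident

def find_source_mismatches(packets):
    """packets: (src_ip, src_port, dst_ip, dst_port, udp_payload) tuples.
    Pairs replies with requests by client endpoint and RADIUS identifier and
    returns replies whose source IP is not the IP the request was sent to."""
    pending = {}  # (client_ip, client_port, id) -> server IP the client addressed
    findings = []
    for src, sport, dst, dport, payload in packets:
        hdr = radius_header(payload)
        if hdr is None:
            continue
        code, ident = hdr
        if code == ACCESS_REQUEST and dport == RADIUS_PORT:
            pending[(src, sport, ident)] = dst
        elif code in REPLY_CODES and sport == RADIUS_PORT:
            sent_to = pending.pop((dst, dport, ident), None)
            if sent_to is not None and sent_to != src:
                findings.append({"client": dst, "id": ident, "reply": REPLY_CODES[code],
                                 "sent_to": sent_to, "answered_from": src})
    return findings

def make_pkt(code, ident):
    # Constructed header-only packet: code, id, length 20, zeroed authenticator.
    return struct.pack("!BBH", code, ident, 20) + bytes(16)

# Constructed capture: server addresses are from the post; client IP/ports are made up.
SAMPLE = [
    ("192.168.0.50", 40001, "192.168.0.20", RADIUS_PORT, make_pkt(1, 7)),  # to eth0
    ("192.168.0.20", RADIUS_PORT, "192.168.0.50", 40001, make_pkt(2, 7)),
    ("192.168.0.50", 40002, "192.168.0.30", RADIUS_PORT, make_pkt(1, 8)),  # to the VIP
    ("192.168.0.20", RADIUS_PORT, "192.168.0.50", 40002, make_pkt(2, 8)),
]

if __name__ == "__main__":
    print(find_source_mismatches(SAMPLE))
```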