sending requests to a virtual server when behind a proxy

[Alan DeKok]

On Jul 15, 2015, at 12:12 PM, Louis Munro <lmunro at inverse.ca> wrote:
> I have a set of servers behind two FreeRADIUS servers configured to proxy and load balance to a pool of backend FR servers (2.26 both on the load balancers and backend).
> 
> I would like to send some requests to a different virtual server on the backend to authenticate our VPN requests separately from the regular Wireless authentications.
> 
> I can set the virtual server in the client definition (on the backend servers) and that seems to work well but when the requests are proxied through the load-balancers the client is the proxying server and so my virtual server config is not applied.

  Yup... that's how it works, unfortunately.

> I could alway send those requests to a virtual server listening on a different port on the backend, but I would like to avoid that if there is a way.
> That just adds more complexity and ports to manage in firewall and such.
> 
> Am I missing something obvious? 
> I don’t think this could be done using dynamic clients since I can’t inspect the NAS-IP-Address there. 
> 
> Any other way that someone can think of? 

  You can proxy to a virtual server... set up a realm for each virtual server, then a pool, then a home_server which has 'virtual_server = blah'

  If those home servers are authenticating the users, great.  If they're proxying... that can't be done right now.

  Alan DeKok.