Freeradius 3.x - CoA proxy and dynamic-client

Alex allexander.alex at gmail.com
Tue Sep 1 14:04:15 CEST 2020


Il giorno mar 1 set 2020 alle ore 13:57 Alan DeKok <
aland at deployingradius.com> ha scritto:

> On Sep 1, 2020, at 7:50 AM, Alex <allexander.alex at gmail.com> wrote:
> > My scenario is like this
> >
> >
> > Client ----- proxy (FR 3.x) ------ AAA (FR 3.x)
> >
> >                          |----------------- COA generator (Java)
> >
> >
> > So, I have a proxy frontend with dynamc-clients virtualserver wich
> forwards
> > the authentication and accounting requests to the backend via realm
> module.
> > this is working like a charm.
>
>   That's good.
>
> > I would like to use also coa requests to the client. this requests are
> > generated by a java software, then they should be proxied by the frontend
> > and forwarded to the client.
>
>   Why?  Why not just send them directly to the client?
>
>   The client only knows that the packet came from the IP of the proxy, and
> has the correct shared secret.  The client doesn't know that the packet was
> sent by FreeRADIUS, or by a separate application.
>

the java module is outside the network. the network is segmented, so java
module cannot talk directly to the clients. it's also a requirement to
preserve it.


> > from my understanding the realm module needs a static client definition
> to
> > proxy the coa requests, but this is not applicable to my scenario.
>
>   v3 doesn't support dynamic home servers.
>

are they supported in version 2? i can change the fronted version as i like.


>
> > so now I'm trying to find some kind of workaround, but i'm not able to
> find
> > any documentation on known pattern on the documentation.
> >
> > is someone facing the same problem or had solved it in the past?
>
>   Just use "radclient" to send packets directly to the client.
>
>   Alan DeKok


thank you and best regards
Alex


More information about the Freeradius-Users mailing list