<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content="text/html; charset=iso-8859-1" http-equiv=Content-Type><BASE
href="x-msg://3176/">
<META name=GENERATOR content="MSHTML 8.00.6001.19120">
<STYLE></STYLE>
</HEAD>
<BODY
style="WORD-WRAP: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space"
bgColor=#ffffff>
<DIV><FONT size=2 face=Arial>Again thanks Arran.</FONT></DIV>
<DIV><FONT size=2 face=Arial></FONT> </DIV>
<DIV><FONT size=2 face=Arial>This is quite a handful!</FONT></DIV>
<DIV><FONT size=2 face=Arial></FONT> </DIV>
<DIV><FONT size=2 face=Arial>A quick reading about radsec (<A
href="http://wiki.freeradius.org/RadSec">http://wiki.freeradius.org/RadSec</A>)
shows that its not supported by freeradius??</FONT></DIV>
<DIV><FONT size=2 face=Arial></FONT> </DIV>
<DIV><FONT size=2 face=Arial>What about the "<FONT size=3
face="Times New Roman">encrypted tunnel</FONT>" way, can you lead me to a
tutorial or MAN page that may help me?</FONT></DIV>
<DIV><FONT size=2 face=Arial></FONT> </DIV>
<DIV><FONT size=2 face=Arial>Many thanks.</FONT></DIV>
<DIV><FONT size=2 face=Arial></FONT> </DIV>
<DIV><FONT size=2 face=Arial>Grace.</FONT></DIV>
<DIV><FONT size=2 face=Arial></FONT> </DIV>
<BLOCKQUOTE
style="BORDER-LEFT: #000000 2px solid; PADDING-LEFT: 5px; PADDING-RIGHT: 0px; MARGIN-LEFT: 5px; MARGIN-RIGHT: 0px">
<DIV style="FONT: 10pt arial">----- Original Message ----- </DIV>
<DIV
style="FONT: 10pt arial; BACKGROUND: #e4e4e4; font-color: black"><B>From:</B>
<A title=a.cudbardb@freeradius.org
href="mailto:a.cudbardb@freeradius.org">Arran Cudbard-Bell</A> </DIV>
<DIV style="FONT: 10pt arial"><B>To:</B> <A
title=freeradius-users@lists.freeradius.org
href="mailto:freeradius-users@lists.freeradius.org">FreeRadius users mailing
list</A> </DIV>
<DIV style="FONT: 10pt arial"><B>Sent:</B> Friday, August 26, 2011 3:23
PM</DIV>
<DIV style="FONT: 10pt arial"><B>Subject:</B> Re: A trick for configuring
freerad to authenticate multiple NASwithdynamic IPs</DIV>
<DIV><BR></DIV><BR>
<DIV>
<DIV>On 26 Aug 2011, at 12:08, Grace M. wrote:</DIV><BR
class=Apple-interchange-newline>
<BLOCKQUOTE type="cite"><SPAN
style="WIDOWS: 2; TEXT-TRANSFORM: none; TEXT-INDENT: 0px; BORDER-COLLAPSE: separate; FONT: medium Helvetica; WHITE-SPACE: normal; ORPHANS: 2; LETTER-SPACING: normal; WORD-SPACING: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px"
class=Apple-style-span>
<DIV
style="WORD-WRAP: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space"
bgcolor="#ffffff">
<DIV><FONT size=2 face=Arial>Thank you Arran for quick reply.</FONT></DIV>
<DIV><FONT size=2 face=Arial></FONT> </DIV>
<DIV><FONT size=2 face=Arial>Since the NAS(s) will be in other networks,
they will appear to my server as dynamic *public ips* and sometimes the
NAS(s) will be multiple</FONT></DIV>
<DIV><FONT size=2 face=Arial>in one external NATed network (such will appear
as from 1 public ip). In this case I will need to specify a range of puplic
ips??</FONT></DIV></DIV></SPAN></BLOCKQUOTE>
<DIV><BR></DIV>
<DIV>Yes, either that or use the dynamic-clients virtual server in
raddb/sites-available to just accept any client. Then use the same shared
secret for all external clients.</DIV>
<DIV><BR></DIV>
<DIV>If you're using an EAP method with some kind of TLS layer then the shared
secret doesn't really do anything useful, other than providing crude
protection against DoS attacks (even then that won't always work).</DIV>
<DIV><BR></DIV>
<DIV>Incidentally if you are doing PAP or CHAP then you should not be sending
the RADIUS packets over a public network without using RADSEC or running them
through some sort of encrypted tunnel. </DIV>
<DIV><BR></DIV>
<DIV>-Arran</DIV>
<DIV><BR></DIV>
<DIV><BR></DIV><BR>
<BLOCKQUOTE type="cite"><SPAN
style="WIDOWS: 2; TEXT-TRANSFORM: none; TEXT-INDENT: 0px; BORDER-COLLAPSE: separate; FONT: medium Helvetica; WHITE-SPACE: normal; ORPHANS: 2; LETTER-SPACING: normal; WORD-SPACING: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px"
class=Apple-style-span>
<DIV
style="WORD-WRAP: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space"
bgcolor="#ffffff">
<DIV><FONT size=2 face=Arial></FONT> </DIV>
<DIV><FONT size=2 face=Arial>Don't know am making sense.</FONT></DIV>
<DIV><FONT size=2 face=Arial></FONT> </DIV>
<DIV><FONT size=2 face=Arial>Grace</FONT></DIV>
<BLOCKQUOTE
style="Z-INDEX: auto; POSITION: static; BORDER-LEFT: rgb(0,0,0) 2px solid; PADDING-LEFT: 5px; PADDING-RIGHT: 0px; MARGIN-LEFT: 5px; MARGIN-RIGHT: 0px">
<DIV style="FONT: 10pt arial">----- Original Message -----</DIV>
<DIV
style="BACKGROUND-COLOR: rgb(228,228,228); FONT: 10pt arial; background-origin: initial; background-clip: initial"><B>From:</B><SPAN
class=Apple-converted-space> </SPAN><A
title=a.cudbardb@freeradius.org
href="mailto:a.cudbardb@freeradius.org">Arran Cudbard-Bell</A></DIV>
<DIV style="FONT: 10pt arial"><B>To:</B><SPAN
class=Apple-converted-space> </SPAN><A
title=freeradius-users@lists.freeradius.org
href="mailto:freeradius-users@lists.freeradius.org">FreeRadius users
mailing list</A></DIV>
<DIV style="FONT: 10pt arial"><B>Sent:</B><SPAN
class=Apple-converted-space> </SPAN>Friday, August 26, 2011 2:55
PM</DIV>
<DIV style="FONT: 10pt arial"><B>Subject:</B><SPAN
class=Apple-converted-space> </SPAN>Re: A trick for configuring
freerad to authenticate multiple NAS withdynamic IPs</DIV>
<DIV><BR></DIV><BR>
<DIV>
<DIV>On 26 Aug 2011, at 11:49, Grace M. wrote:</DIV><BR
class=Apple-interchange-newline>
<BLOCKQUOTE type="cite"><SPAN
style="WIDOWS: 2; TEXT-TRANSFORM: none; TEXT-INDENT: 0px; BORDER-COLLAPSE: separate; FONT: medium Helvetica; WHITE-SPACE: normal; ORPHANS: 2; LETTER-SPACING: normal; WORD-SPACING: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px"
class=Apple-style-span>
<DIV bgcolor="#ffffff">
<DIV><FONT size=2 face=Arial>Guyz,</FONT></DIV>
<DIV><FONT size=2 face=Arial></FONT> </DIV>
<DIV><FONT size=2 face=Arial>I have FreeRADIUS Version 2.1.10 working
with mysql to authenticate uses connected to a number of
NAS(s).</FONT></DIV>
<DIV><FONT size=2 face=Arial></FONT> </DIV>
<DIV><FONT size=2 face=Arial>Now, I would like to authenticate
NAS(s) which should connect to my freerad from other networks
(outside my lan) which have dynamic IPs.</FONT></DIV>
<DIV><FONT size=2 face=Arial></FONT> </DIV>
<DIV><FONT size=2 face=Arial>Anyone with a trick on how to configure
clients.conf for that?</FONT></DIV></DIV></SPAN></BLOCKQUOTE>
<DIV><BR></DIV>
<DIV>You can specify IP ranges for clients? Would this help? Or are the
dynamic clients extra dynamic?</DIV>
<DIV><BR></DIV>
<DIV>-Arran</DIV></DIV><BR>
<DIV><SPAN
style="WIDOWS: 2; TEXT-TRANSFORM: none; TEXT-INDENT: 0px; BORDER-COLLAPSE: separate; FONT: medium Helvetica; WHITE-SPACE: normal; ORPHANS: 2; LETTER-SPACING: normal; WORD-SPACING: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px"
class=Apple-style-span><SPAN
style="WIDOWS: 2; TEXT-TRANSFORM: none; TEXT-INDENT: 0px; BORDER-COLLAPSE: separate; FONT: medium Helvetica; WHITE-SPACE: normal; ORPHANS: 2; LETTER-SPACING: normal; WORD-SPACING: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px"
class=Apple-style-span>
<DIV
style="WORD-WRAP: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space">
<DIV>Arran Cudbard-Bell</DIV>
<DIV><A
href="mailto:a.cudbardb@freeradius.org">a.cudbardb@freeradius.org</A></DIV>
<DIV><BR></DIV>
<DIV>RADIUS - Half the complexity of
Diameter</DIV></DIV></SPAN></SPAN></DIV><BR>
<DIV><BR class=webkit-block-placeholder></DIV>
<HR>
<DIV><BR class=webkit-block-placeholder></DIV>-<BR>List
info/subscribe/unsubscribe? See<SPAN
class=Apple-converted-space> </SPAN><A
href="http://www.freeradius.org/list/users.html">http://www.freeradius.org/list/users.html</A></BLOCKQUOTE>-<BR>List
info/subscribe/unsubscribe? See<SPAN
class=Apple-converted-space> </SPAN><A
href="http://www.freeradius.org/list/users.html">http://www.freeradius.org/list/users.html</A></DIV></SPAN></BLOCKQUOTE></DIV><BR>
<DIV><SPAN
style="WIDOWS: 2; TEXT-TRANSFORM: none; TEXT-INDENT: 0px; BORDER-COLLAPSE: separate; FONT: medium Helvetica; WHITE-SPACE: normal; ORPHANS: 2; LETTER-SPACING: normal; COLOR: rgb(0,0,0); WORD-SPACING: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px"
class=Apple-style-span><SPAN
style="WIDOWS: 2; TEXT-TRANSFORM: none; TEXT-INDENT: 0px; BORDER-COLLAPSE: separate; FONT: medium Helvetica; WHITE-SPACE: normal; ORPHANS: 2; LETTER-SPACING: normal; COLOR: rgb(0,0,0); WORD-SPACING: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px"
class=Apple-style-span>
<DIV
style="WORD-WRAP: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space">
<DIV>Arran Cudbard-Bell</DIV>
<DIV><A
href="mailto:a.cudbardb@freeradius.org">a.cudbardb@freeradius.org</A></DIV>
<DIV><BR></DIV>
<DIV>RADIUS - Half the complexity of
Diameter</DIV></DIV></SPAN></SPAN></DIV><BR>
<P>
<HR>
<P></P>-<BR>List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html</BLOCKQUOTE></BODY></HTML>