11 Jun
2009
11 Jun
'09
3:57 a.m.
Jacob Baloul wrote:
I have several NAS / Hotspots installed behind a NAT. They are all WRT54GL routers with OpenWRT + Chili and authenticating against FreeRadius + DaloRadius which is NOT in this NAT. Meaning FreeRadius sees all of the WRT's as coming from the same public IP, which also happens to be dynamic. My question is, can I authenticate and maintain session based on the NAS MAC address as apposed to the public dynamic ip address?
The server doesn't support this. Running multiple NASes behind a NAT is a really bad idea. The simplest solution is to put a RADIUS proxy inside the NAT, and proxy the RADIUS packets over IPSec to the server. Alan DeKok.