Load Balancing user requests to multiple LNS's
Hello Everyone, I am trying to configure our free-radius server to send multiple LNS L2TP parameters to a customer's radius server for establishing an L2TP tunnel prior to the user authenticating. Apparently these responses will have to exist in every request however the Customer will only establish an L2TP session if one doesn't exist already. As per their documentation, I would have to do something like below, where the :1: would be L2TP tunnel 1 and :2: would be Tunnel 2: Service-Type=framed Tunnel-Medium-Type=:1:IP Tunnel-Medium-Type=:2:IP Tunnel-Password=:1:password Tunnel-Password=:2:password Tunnel-Type=:1:L2TP Tunnel-Type=:2:L2TP Tunnel-Server-Endpoint=:1:X.X.X.X Tunnel-Server-Endpoint=:2:Y.Y.Y.Y Tunnel-Preference=:1:1 Tunnel-Preference=:2:1 The tunnel-preference would tell them to load balance between Tunnel Server Endpoint 1 and 2. I have loaded all this in a group in the radgroupreply and assigned the group to the user table however when I query the radius I only get the first tunnel info back to me. Can anyone point me in the right direction? In the radius logs there are no errors logged and it just shows the replies it sent to the customer which excludes the :2: tunnel information. I'm using Freeradius 1.0.4 with a mysql config. Thanks Adrian Boros
Adrian wrote:
As per their documentation, I would have to do something like below, where the :1: would be L2TP tunnel 1 and :2: would be Tunnel 2:
Service-Type=framed
Tunnel-Medium-Type=:1:IP
Tunnel-Medium-Type=:2:IP
Use "+=". See "man users".
I’m using Freeradius 1.0.4 with a mysql config.
Wow. Why? That is *years* out of date. Alan DeKok.
Hello, I'm having difficulty locating documentation on how to manage the certificates that are generated for use with WPA. It appears that no matter how long I set the Certificate Authority Certificate to be valid for, it appears to be valid for only 30 days from the day it was created. I have already changed the variables used in the ca.cnf script for something much longer, but that still does not change anything. What is the normal practice in dealing with the CA certificate as generated by the scripts that accompany FreeRadius. Am I missing some cardinal rule that says Self-signed certs are only valid for 30 days? Thanks in advance for some guidance in this area. Kent
Hi,
I'm having difficulty locating documentation on how to manage the certificates that are generated for use with WPA. It appears that no matter how long I set the Certificate Authority Certificate to be valid for, it appears to be valid for only 30 days from the day it was created.
I have already changed the variables used in the ca.cnf script for something much longer, but that still does not change anything.
What is the normal practice in dealing with the CA certificate as generated by the scripts that accompany FreeRadius. Am I missing some cardinal rule that says Self-signed certs are only valid for 30 days?
Thanks in advance for some guidance in this area.
no - its simply set either in a 'create cert' script or in the openssl configuration by default, its usually 30 days if not specified - check your eg openssl.cnf or generation scripts ("-days 365" gives you a usual year...) alan
participants (4)
-
A.L.M.Buxey@lboro.ac.uk -
Adrian -
Alan DeKok -
Kent Thomas