Hi, I am using freeradius since four years and I used PPTP/L2TP tunnel for autenticating users against my RADIUS servers with one of my NAS has a dynamic IP (xDSL). However, I can not rely on these connections and the connectivity sometimes fall down and the tunnel, too. I have some reasons for not to use dyndns or this kind of services. I decided to autenticate my NAS using only the shared key: client 0.0.0.0/0 { secret = same_secret_for_eveyone shortname = my_network } I recognize a problem with DoS attack to my DB. I can not autenticate the client IP because I have xDSL with dynamic IP. Do you know some other solucion instead of autenticating the public IP in the authorize step? Thanks, Santiago _________________________________________________________________ ¿Sigue el calor? Consulta MSN El tiempo http://eltiempo.es.msn.com/
I am using freeradius since four years and I used PPTP/L2TP tunnel for autenticating users against my RADIUS servers with one of my NAS has a dynamic IP (xDSL). However, I can not rely on these connections and the connectivity sometimes fall down and the tunnel, too.
I have some reasons for not to use dyndns or this kind of services.
I decided to autenticate my NAS using only the shared key:
client 0.0.0.0/0 { secret = same_secret_for_eveyone shortname = my_network }
I recognize a problem with DoS attack to my DB.
I can not autenticate the client IP because I have xDSL with dynamic IP. Do you know some other solucion instead of autenticating the public IP in the authorize step?
Yes. Use 2.1.1. Have a look at raddb/sites-available/dynamic-clients. Ivan Kalik Kalik Informatika ISP
I can not autenticate the client IP because I have xDSL with dynamic IP. Do you know some other solucion instead of autenticating the public IP in the authorize step?
Yes. Use 2.1.1. Have a look at raddb/sites-available/dynamic-clients.
The dynamic clients work well.... Except, the Public IP is still the _only_ commodity available to available to authenticate the client. Alan is working on making other Attributes (e.g. Nas-Identifier) available as well. Should be released soon. Johan Meiring Cape PC Services CC / Amobia Communications Tel: (021) 883-8271 / (0861) AMOBIA Fax: (021) 886-7782 / (0861) AMOFAX
participants (3)
-
Johan Meiring -
Santiago Balaguer García -
tnt@kalik.net