I am wondering is it possible to configure one server using a single IP to handle PPTP/IPSEC <---> freeradius? Does it make sense (or possible) to create a virtual servers against PPTP and IPSEC separately? I am just wondering what's the best practice. I don't want to increase number of hardware so things can be segregated either. Thanks,
On 22/09/2013 15:12, WorkingMan wrote:
I am wondering is it possible to configure one server using a single IP to handle PPTP/IPSEC <---> freeradius? Does it make sense (or possible) to create a virtual servers against PPTP and IPSEC separately? I am just wondering what's the best practice. I don't want to increase number of hardware so things can be segregated either.
This is a pretty vague question. Yes, it is possible to use a single server and single IP for both PPTP and IPSec RADIUS auth. It might or might not make sense to use a virtual server - it depends what you want to achieve. Without a more specific question, I doubt you'll get a useful answer.
WorkingMan wrote:
I am wondering is it possible to configure one server using a single IP to handle PPTP/IPSEC <---> freeradius?
Yes.
Does it make sense (or possible) to create a virtual servers against PPTP and IPSEC separately?
If you want. Read raddb/sites-available/README. It contains a lot of documentation on virtual servers, clients, and how they work together.
I am just wondering what's the best practice. I don't want to increase number of hardware so things can be segregated either.
Uh... virtual servers don't require additional hardware. Alan DeKok.
Alan DeKok <aland <at> deployingradius.com> writes:
WorkingMan wrote:
I am wondering is it possible to configure one server using a single IP
to
handle PPTP/IPSEC <---> freeradius?
Yes.
Does it make sense (or possible) to create a virtual servers against PPTP and IPSEC separately?
If you want. Read raddb/sites-available/README. It contains a lot of documentation on virtual servers, clients, and how they work together.
I am just wondering what's the best practice. I don't want to increase number of hardware so things can be segregated either.
Uh... virtual servers don't require additional hardware.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
So from what I gather I can make my VPN servers pointing to different ports (in strongswan.conf) and have freeradius's listen{} pointing to matching ports but I can keep the same IP for the virtual servers. radius.conf: listen { ipaddr = 192.168.1.100 port = 49001 virtual_server = s_ipsec } listen { ipaddr = 192.168.1.100 port 0 # use default virtual_server = s_pptp } Does this look correct (or at least conceptually)? My test indicates VPN/RADIUS are talking to each other. Thanks,
WorkingMan wrote:
So from what I gather I can make my VPN servers pointing to different ports (in strongswan.conf) and have freeradius's listen{} pointing to matching ports but I can keep the same IP for the virtual servers.
Yes.
Does this look correct (or at least conceptually)? My test indicates VPN/RADIUS are talking to each other.
If it works, it works. Alan DeKok.
participants (3)
-
Alan DeKok -
Phil Mayers -
WorkingMan