Hi All, I have several NAS / Hotspots installed behind a NAT. They are all WRT54GL routers with OpenWRT + Chili and authenticating against FreeRadius + DaloRadius which is NOT in this NAT. Meaning FreeRadius sees all of the WRT's as coming from the same public IP, which also happens to be dynamic. My question is, can I authenticate and maintain session based on the NAS MAC address as apposed to the public dynamic ip address? Moving the Radius server into the NAT is not an option as it is being hosted in a different country. Thanks for the help, Jacob
Jacob Baloul wrote:
I have several NAS / Hotspots installed behind a NAT. They are all WRT54GL routers with OpenWRT + Chili and authenticating against FreeRadius + DaloRadius which is NOT in this NAT. Meaning FreeRadius sees all of the WRT's as coming from the same public IP, which also happens to be dynamic. My question is, can I authenticate and maintain session based on the NAS MAC address as apposed to the public dynamic ip address?
The server doesn't support this. Running multiple NASes behind a NAT is a really bad idea. The simplest solution is to put a RADIUS proxy inside the NAT, and proxy the RADIUS packets over IPSec to the server. Alan DeKok.
participants (2)
-
Alan DeKok -
Jacob Baloul