Client IP Address , Packet-Src-IP-Address

Alan DeKok aland at
Wed May 2 14:19:30 CEST 2007

Arran Cudbard-Bell wrote:
>          Autz-Type eap-internal {
>                  mschap
>                  # Grab NT-Password from directory for use in MSChap-V2
>                  ldap
>                  # Read Authorisation groups from SQL Server
>                  sql
>          }
> Which speeds things up a great deal when doing EAP...

  In the CVS head, I'm looking into adding a "tunnel is ready for
credentials" flag inside of the EAP module.  It will normally return
"updated" during ssl setup, and "ok" when the current packet needs
authentication credentials.

> Unfortunately this breaks anything which relies on Packet-Src-IP-Address 
> / Client-IP-Address
> As they will be *sigh*
> Can you see any way of getting round this ?

  Hmm.... src/main/util.c has request_alloc_fake(), which initializes
the tunneled request.  It may be worth changing it to copy the outer
tunnel source/dest IP's and ports.

  Alan DeKok.
--       - The web site of the book - The blog

More information about the Freeradius-Devel mailing list