udpfromto works for the server but not from radclient

Joe Maimon jmaimon at ttec.com
Tue Aug 11 15:55:03 CEST 2009



Alan DeKok wrote:
> Joe Maimon wrote:
>> Is there any compelling reason to have udpfromto in the radclient code
>> path?
> 
>   Not really.  It's just easier to use a common API to create sockets

That's what I thought.

> 
>> If the server only sockets on a single address, I assume it will work
>> fine, but only on that address. I need the server to have listening
>> sockets on at least three addresses.
> 
>   That's not quite what I meant.
> 
>   If you have 3 "listen" sections, each using:
> 
> 	ipaddr = 192.168.x.y
> 
>   What does it do?  Does it send packets from the correct source IP?

I have not tried that. I can try that, but it is sub-optimal, since the 
server configuration is intended to be as identical as possible across 
multiple hosts.

There is a third option, instead of only specific listen sockets or a 
single * socket, which if I recall correctly, bind9 uses.

Periodically scan the system for all ip addresses and create a listening 
socket for each one in response to ipaddr = *, instead of creating a 
single socket for all system ip addresses.

> 
>> I am using fairly recent git.
> 
>   I find it a little hard to understand how it can choose the wrong
> source IP for responses.

It does, with ipaddr = * when built without udpfromto support.

> 
>   Why do you need udpfromto support?

The default debian build includes it, and the system includes multiple 
ip addresses on loopback interfaces aside from interface addresses, all 
need to work correctly.


> 
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html
> 
> 


