udpfromto works for the server but not from radclient

Alan DeKok aland at deployingradius.com
Tue Aug 11 16:10:07 CEST 2009

Joe Maimon wrote:
> I have not tried that. I can try that, but it is sub-optimal, since the
> server configuration is intended to be as identical as possible across
> multiple hosts.

  Of course.

> There is a third option, instead of only specific listen sockets or a
> single * socket, which if I recall correctly, bind9 uses.
> Periodically scan the system for all ip addresses and create a listening
> socket for each one in response to ipaddr = *, instead of creating a
> single socket for all system ip addresses.

  Ugh.  That's disgusting.

  If Bind or ISC DHCP does something, that's a good reason *not* to do it.

>>   I find it a little hard to understand how it can choose the wrong
>> source IP for responses.
> It does, with ipaddr = * when built without udpfromto support.

  Yes.  Because the machine has a primary interface with an IP, and an
alias with another IP.  The *kernel* decides the source IP of the reply.
 It chooses the primary IP, even though the packet was sent to the
secondary IP.

> The default debian build includes it, and the system includes multiple
> ip addresses on loopback interfaces aside from interface addresses, all
> need to work correctly.

  OK.  So the issue is getting radclient to work with udpfromto.

  Alan DeKok.

More information about the Freeradius-Devel mailing list