udpfromto works for the server but not from radclient
Alan DeKok
aland at deployingradius.com
Tue Aug 11 16:10:07 CEST 2009
Joe Maimon wrote:
> I have not tried that. I can try that, but it is sub-optimal, since the
> server configuration is intended to be as identical as possible across
> multiple hosts.
Of course.
> There is a third option, instead of only specific listen sockets or a
> single * socket, which if I recall correctly, bind9 uses.
>
> Periodically scan the system for all ip addresses and create a listening
> socket for each one in response to ipaddr = *, instead of creating a
> single socket for all system ip addresses.
Ugh. That's disgusting.
If Bind or ISC DHCP does something, that's a good reason *not* to do it.
>> I find it a little hard to understand how it can choose the wrong
>> source IP for responses.
>
> It does, with ipaddr = * when built without udpfromto support.
Yes. Because the machine has a primary interface with an IP, and an
alias with another IP. The *kernel* decides the source IP of the reply.
It chooses the primary IP, even though the packet was sent to the
secondary IP.
> The default debian build includes it, and the system includes multiple
> ip addresses on loopback interfaces aside from interface addresses, all
> need to work correctly.
OK. So the issue is getting radclient to work with udpfromto.
Alan DeKok.
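
The behaviour discussed in this message, as an added example that is not part of the original post or of the FreeRADIUS source: on Linux, a socket bound to 0.0.0.0 lets the kernel pick the reply's source address unless the server reads the datagram's destination with IP_PKTINFO and hands it back in `ipi_spec_dst` when replying. The function name `reply_source` is hypothetical, and 127.0.0.2 stands in for the alias address as an assumption so the demo runs on loopback alone.

```c
#define _GNU_SOURCE /* exposes struct in_pktinfo on glibc */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>

/* Constructed demo (Linux): a client on 127.0.0.1 queries 127.0.0.2 through a server socket
 * bound to 0.0.0.0. Returns the reply's source address as the client sees it, or 0 on error. */
in_addr_t reply_source(int use_pktinfo)
{
    int srv = socket(AF_INET, SOCK_DGRAM, 0), cli = socket(AF_INET, SOCK_DGRAM, 0), on = 1;
    struct timeval tv = { 1, 0 };                        /* never block forever */
    struct sockaddr_in sa = { .sin_family = AF_INET }, ca = sa, peer, from;
    socklen_t len = sizeof(sa);
    char buf[16], cbuf[CMSG_SPACE(sizeof(struct in_pktinfo))];
    struct iovec iov = { buf, sizeof(buf) };
    struct msghdr mh = { .msg_name = &peer, .msg_namelen = sizeof(peer), .msg_iov = &iov,
                         .msg_iovlen = 1, .msg_control = cbuf, .msg_controllen = sizeof(cbuf) };
    struct in_addr local = { 0 };
    struct cmsghdr *c;
    in_addr_t seen = 0;
    ca.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    setsockopt(srv, IPPROTO_IP, IP_PKTINFO, &on, sizeof(on)); /* deliver dst addr as cmsg */
    setsockopt(srv, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv));
    setsockopt(cli, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv));
    if (bind(srv, (struct sockaddr *)&sa, sizeof(sa)) || bind(cli, (struct sockaddr *)&ca, sizeof(ca)))
        goto done;
    getsockname(srv, (struct sockaddr *)&sa, &len);      /* learn the kernel-chosen port */
    sa.sin_addr.s_addr = inet_addr("127.0.0.2");         /* query the "alias" address */
    sendto(cli, "req", 3, 0, (struct sockaddr *)&sa, sizeof(sa));
    if (recvmsg(srv, &mh, 0) < 0) goto done;
    for (c = CMSG_FIRSTHDR(&mh); c; c = CMSG_NXTHDR(&mh, c))
        if (c->cmsg_level == IPPROTO_IP && c->cmsg_type == IP_PKTINFO)
            local = ((struct in_pktinfo *)CMSG_DATA(c))->ipi_addr; /* address the client used */
    memset(cbuf, 0, sizeof(cbuf));
    mh.msg_control = use_pktinfo ? cbuf : NULL; mh.msg_controllen = use_pktinfo ? sizeof(cbuf) : 0;
    if (use_pktinfo) {                                   /* pin the reply's source address */
        c = CMSG_FIRSTHDR(&mh);
        c->cmsg_level = IPPROTO_IP; c->cmsg_type = IP_PKTINFO;
        c->cmsg_len = CMSG_LEN(sizeof(struct in_pktinfo));
        ((struct in_pktinfo *)CMSG_DATA(c))->ipi_spec_dst = local;
    }
    iov.iov_len = 3; len = sizeof(from);                 /* echo the 3 request bytes back */
    if (sendmsg(srv, &mh, 0) == 3 &&
        recvfrom(cli, buf, sizeof(buf), 0, (struct sockaddr *)&from, &len) == 3)
        seen = from.sin_addr.s_addr;
done: close(srv); close(cli);
    return seen;
}
```

With `use_pktinfo` set to 0 the client sees the reply arrive from 127.0.0.1 although it queried 127.0.0.2; with 1 the reply comes from 127.0.0.2. A client that checks the reply's source against the address it sent to drops the first kind of reply.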