freeradius-client with IPv6 and DTLS

Alan DeKok aland at
Mon Dec 22 16:35:27 CET 2014

On Dec 22, 2014, at 7:11 AM, Nikos Mavrogiannopoulos <nmav at> wrote:
> I've modified the freeradius-client to simplify its API, remove all
> IPv4-only legacy code and add DTLS support (rfc7360).

  That’s a lot of work.  I’ve avoided doing that because the code in the freeradius-server implements almost everything RADIUS, and I don’t want to duplicate effort.

> The DTLS support
> I've tried to add in a transparent way, i.e., an old client could still
> have basic DTLS support only by modifying its configuration file. This
> is currently experimental code and most likely will have bugs, but I'd
> like to see any comments on the approach or possible improvements.

  As always.

> My main concern is that there have been no releases of freeradius-client
> for many years,

  Because there’s been little need.  The existing users of the code haven’t requested changes.  They need a basic RADIUS library, and not much more.  The code does that.

> although the intention is to send back the changes as
> pull requests to the original repository once they stabilize.

  Arran and I have been working on merging your changes back into the main repository.  The points of disagreement are largely code style, methods, etc.  There are sometimes things which are easy to do, but which cause problems for portability, maintainability, etc.

  As an example, the lack of a “configure” script in the repository is an issue.  We’ve had that discussion on the github issues page, but here’s the side effect:

Mac OSX:

$ ./
.. error: possibly undefined macro: AC_PROG_LIBTOOL
      If this token and others are legitimate, please use m4_pattern_allow.
      See the Autoconf documentation. error: possibly undefined macro: AM_PROG_LIBTOOL
autoreconf: /usr/local/Cellar/autoconf/2.69/bin/autoconf failed with exit status: 1

Ubuntu 14.04:

$ ./
$ ./configure
configure: creating ./config.status
config.status: error: cannot find input file: `’

  I would suggest regularly checking out the repository into a separate directory, and seeing if it builds.  Or, updating the Makefile rules so that a “make distclean” will really clean everything.

  I’ll take a look at the patches.  My guess is that most of them can be pulled over as-is.

  If it’s all right with you, I’d like to pull over all of the IPv6 fixes, and then do a release.  We can leave the DTLS code as experimental, and add it to a later release.

  Alan DeKok.

More information about the Freeradius-Devel mailing list