Max listening ports

Kev Pearce email.me at kevp.com
Thu Nov 13 15:52:06 CET 2014


> >>> I'd like to run a FR with more than 256 virtual servers/listening ports.
> >>   Why?  That's a bit unusual.
> >
> > It's for multi-tenancy by port.
> 
>   That isn't necessary.  See the "virtual_server" example in clients.conf.
> It is intended for this EXACT purpose.
>

My multi-tenancy needs to work like this:

Each customer gets their own udp port to authenticate to.
They have their own shared secret that applies to all their clients (i.e. any
client that connects to their udp port).
They can have any client IP address authenticate, use their own shared
secret and authenticate their own user list (in mysql).

What I have built is a virtual server per customer.
Each VS has its own listen port and has its own shared secret (using dynamic
clients read from mysql, looked up by a udp port field).
The shared secret is set up using 128.0.0.0/1 and 0.0.0.0/1 CIDR hosts read
by dynamic clients (as per previous posts I made).
This then allows any client to auth to that udp port with that customer's
shared secret.

If there is any way to isolate 'lots' of customers so they each have their
own port and shared secret without lots of separate virtual servers I'd
definitely be interested.

I use the port as part of my sql queries to authorise users and all this
works absolutely great.

Cheers

Kev/.
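
The per-port lookup described in this message, modelled as an added example (not code from the post or from FreeRADIUS): it shows the two /1 networks together matching every IPv4 source, and audits a tenant table for rows that weaken isolation when the shared secret is the only thing separating customers. The table layout, ports and secrets are constructed assumptions.

```python
import ipaddress

# Constructed sample rows standing in for the MySQL dynamic-clients table.
# Column names, ports and secrets are assumptions, not the poster's schema.
ROWS = [
    {"tenant": "acme",    "port": 20001, "cidr": "0.0.0.0/1",   "secret": "Zp4w-acme-9Kq2-Lm7x"},
    {"tenant": "acme",    "port": 20001, "cidr": "128.0.0.0/1", "secret": "Zp4w-acme-9Kq2-Lm7x"},
    {"tenant": "globex",  "port": 20002, "cidr": "0.0.0.0/1",   "secret": "testing123"},
    {"tenant": "initech", "port": 20003, "cidr": "0.0.0.0/1",   "secret": "Zp4w-acme-9Kq2-Lm7x"},
    {"tenant": "initech", "port": 20003, "cidr": "128.0.0.0/1", "secret": "Zp4w-acme-9Kq2-Lm7x"},
]

def covers_all_ipv4(cidrs):
    """True if the networks merge into 0.0.0.0/0, as the two /1 halves do."""
    merged = list(ipaddress.collapse_addresses(ipaddress.ip_network(c) for c in cidrs))
    return merged == [ipaddress.ip_network("0.0.0.0/0")]

def resolve_secret(rows, dst_port, src_ip):
    """Model of the lookup: listen port first, then source address within the CIDR."""
    ip = ipaddress.ip_address(src_ip)
    for r in rows:
        if r["port"] == dst_port and ip in ipaddress.ip_network(r["cidr"]):
            return r["tenant"], r["secret"]
    return None

def audit(rows, min_len=16):
    """Return (port, finding) pairs for rows that weaken per-port tenant isolation."""
    by_port, first_port, findings = {}, {}, []
    for r in rows:
        by_port.setdefault(r["port"], []).append(r)
    for port, rs in sorted(by_port.items()):
        secrets = sorted({r["secret"] for r in rs})
        if len({r["tenant"] for r in rs}) > 1:
            findings.append((port, "port mapped to more than one tenant"))
        if len(secrets) > 1:
            findings.append((port, "rows for this port carry different secrets"))
        if not covers_all_ipv4(r["cidr"] for r in rs):
            findings.append((port, "CIDRs do not cover all IPv4"))
        for s in secrets:
            if len(s) < min_len:
                findings.append((port, "secret shorter than %d characters" % min_len))
            if first_port.setdefault(s, port) != port:
                findings.append((port, "secret also used on port %d" % first_port[s]))
    return findings

if __name__ == "__main__":
    for port, finding in audit(ROWS):
        print(port, finding)
```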





More information about the Freeradius-Devel mailing list