Query on UDP proxy socket using freeradius version 3.0.16

Matthew Newton mcn at freeradius.org
Fri Jun 16 18:09:14 UTC 2023

On 16/06/2023 18:40, saurabha badhai wrote:
> Based on proxy udp src port load balancer map the request to a AAA, so if a
> src port is mapped to AAA1 for few initial access request and
> access-challenge before accept, if next request get proxied with a new src
> port then load balancer sends to a different AAA, may be AAA2 which reject
> it.

That's a crazy way to do it based on false assumptions.

You want to determine the destination location by looking at an 
ephemeral source port. Some basic thoughts about this should start to 
ring alarm bells.

If you've really got to NAT stuff, use a block of IPs and get FreeRADIUS 
to send to an individual IP per customer, and NAT based on that. Or use 
one IP and configure FreeRADIUS to connect to a different port per 
customer, and NAT based on *destination* port.

Doing what you are doing is asking for trouble, which is exactly what 
you've got.

> Because of freeradius udp port change request get rejected.
> That's why I asked this query ita related to freeradius.

No, it's broken assumptions because of not understanding the way 
networking works.


More information about the Freeradius-Devel mailing list