Query on UDP proxy socket using freeradius version 3.0.16
Matthew Newton
mcn at freeradius.org
Fri Jun 16 18:09:14 UTC 2023
On 16/06/2023 18:40, saurabha badhai wrote:
> Based on the proxy UDP src port, the load balancer maps the request to a AAA,
> so if a src port is mapped to AAA1 for a few initial access requests and
> access-challenges before accept, and the next request gets proxied with a new
> src port, then the load balancer sends it to a different AAA, maybe AAA2, which
> rejects it.
That's a crazy way to do it based on false assumptions.
You want to determine the destination location by looking at an
ephemeral source port. Some basic thoughts about this should start to
ring alarm bells.
If you've really got to NAT stuff, use a block of IPs and get FreeRADIUS
to send to an individual IP per customer, and NAT based on that. Or use
one IP and configure FreeRADIUS to connect to a different port per
customer, and NAT based on *destination* port.
Doing what you are doing is asking for trouble, which is exactly what
you've got.
> Because of the freeradius udp port change, the request gets rejected.
>
> That's why I asked this query; it's related to freeradius.
No, it's broken assumptions because of not understanding the way
networking works.
--
Matthew
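
The second option in the reply above (one IP, a different destination port per customer) could look like this in FreeRADIUS 3.0 `proxy.conf`. This is an added illustration, not configuration from the thread or from the FreeRADIUS project; the realm names, server names, address, ports and secrets are placeholders.

```conf
# proxy.conf (FreeRADIUS 3.0.x) - illustrative sketch, all values are placeholders.
#
# Each customer gets its own home_server entry. All entries point at the same
# NAT / load balancer address (192.0.2.10 is a documentation address), but each
# uses a different *destination* port. The NAT device can then map on the
# destination port, which is fixed per customer, instead of on the ephemeral
# source port that the proxy socket happens to use.

home_server customer_a_aaa {
	type = auth
	ipaddr = 192.0.2.10
	port = 11812                      # destination port reserved for customer A
	proto = udp
	secret = REPLACE_WITH_SECRET_A
}

home_server customer_b_aaa {
	type = auth
	ipaddr = 192.0.2.10
	port = 21812                      # destination port reserved for customer B
	proto = udp
	secret = REPLACE_WITH_SECRET_B
}

home_server_pool customer_a_pool {
	type = fail-over
	home_server = customer_a_aaa
}

home_server_pool customer_b_pool {
	type = fail-over
	home_server = customer_b_aaa
}

# Requests are routed to a pool by realm; every packet for a given customer
# therefore goes to the same destination ip:port, whatever source port is used.
realm customer-a.example {
	auth_pool = customer_a_pool
}

realm customer-b.example {
	auth_pool = customer_b_pool
}
```

The first option in the reply (a block of IPs, one per customer) has the same shape, with a distinct `ipaddr` per `home_server` and the NAT rule keyed on destination address.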