Duplicate IPs for Radius Clients with different secrets
me at egeier.com
Tue Dec 16 16:46:16 CET 2008
The best solution I can think of that I want to mimic is SecureMyWiFi from
WiTopia, a hosted radius service (www.witopia.net). Their service works just
like I want.
> > Are you saying it would work, FreeRADIUS would respond to the
> > sites?
> Yes. This is how *any* networking protocol works.
Would the server see request from just coming from the Internet IPs or
individual APs...meaning would I have to list each location's Internet IP in
the client.conf file? I want to be able to list each AP IP individually,
tagged with the domain it belongs to.
> >> of course, you could really freak things out by using
> >> VPN tunnels from the inside networks of each site direct to
> >> the FreeRADIUS box - but if all your sites use the same range
> >> of addresses then the server wouldnt have a clue at all of which
> >> tunnel to send the reply down!
> > Why would I want to VPN to the server?
> So that your RADIUS packets aren't sent over the Internet in the
Gotcha, I need to read more about this.
> >> with latest version 2.x of FreeRADIUS you can have dynamic clients
> >> etc which can select the correct shared secrets depending on
> >> special DB lookups etc - but thats not a choice for you currently.
> > Yes I read about this, and I'll be upgrading soon and moving to
> Linux. When
> > writing the DB lookups, can I use the User-Name attribute pulled from
> > requests?
> No. Only the source IP address.
Then I'm not sure how I would pull the correct shared secrets...unless it
all works per internet IP rather than per AP.
> > This will I think let me search for shared secret based on both
> > the RadiusClient IP and the domain....the other server I tried
> couldn't do
> > this. I would also consider using the MAC address of the AP instead
> or in
> > addition to the domain.
> I don't think that's necessary. The source IP address should be good
Same as above.
More information about the Freeradius-Users