MySQL connection over SSL possible?

Anders Holm anders.holm at sysadmin.ie
Thu Jun 12 17:34:06 CEST 2008


2008/6/12 Nicolas Goutte <nicolas.goutte at extragroup.de>:

[snip]

> For me it has worked since then. I have seen only one of each of your
> messages.
>
> Have a nice day!
>

Excellent! One problem solved, and on to the next one.

To get back on topic a tad then so, and to describe my experience with the
SSL side of things ...

I've managed to get stunnel working happily. A few things of note there
though ..

A/ It wasn't possible to set port numbers for some reason for the SQL
connection. Default port was the only way to get it working.
B/ Due to A, what I then did was to create virtual interfaces on the
loopback interface, as many needed as there are backend SQL servers.
C/ Set up stunnel in client mode on the radius box. Forward each <virtual
interface>:3306 to <db_host>:<pick a good port>
D/ Set up stunnel on <db_host> in server mode. Forward <all_interfaces>:<your
good port> to <localhost>:3306
E/ Change sql.conf to point each sql server to the respective virtual
interface...

When I tried setting the port number to something different I used "port =
<port number>" .. That yielded "cannot connect to server using socket" error
when running radiusd in debug mode.

So, there are two things to take away from that experience.

1/ SSL would be a great option to add to the MySQL shim.
2/ Ability to change port numbers of the MySQL server. Someone may need it,
for some interesting reason.

I hope this helps others with similar requirements! If I find the time I'll
see if I can brush up enough of my C knowledge to create a patch or two for
these things, but no promises. Incidentally, I'm also heading off on
vacation for a bit, so it won't be tomorrow.. :)

//anders
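
The setup from steps B to E, written out as an added example that is not part of the original post. Host names, addresses, the tunnel port 13306 and all file paths are placeholders; the certificate verification and bind-address lines are additions the post does not mention.

```ini
; ---- radius box: stunnel.conf, client mode (step C) ----
client = yes
; Without verification stunnel encrypts but does not authenticate the
; far end, so anything answering on the tunnel port would be accepted.
; CA that signed the DB hosts' certificates:
CAfile = /etc/stunnel/db-ca.pem
; Level 2: refuse a peer whose certificate does not validate.
verify = 2

; One service per backend SQL server, each on its own loopback address
; (step B) so that every one can keep the default MySQL port (step A).
[mysql-db1]
accept = 127.0.0.2:3306
connect = db1.example.net:13306

[mysql-db2]
accept = 127.0.0.3:3306
connect = db2.example.net:13306

; ---- each <db_host>: stunnel.conf, server mode (step D) ----
; Server certificate and private key in one PEM file:
cert = /etc/stunnel/db1.pem

[mysql]
; Listen on all interfaces, hand decrypted traffic to the local mysqld.
accept = 13306
connect = 127.0.0.1:3306

; In my.cnf on <db_host>, bind-address = 127.0.0.1 keeps the cleartext
; port 3306 unreachable from the network; only stunnel is exposed.

; ---- radius box: sql.conf (step E) ----
; Point each SQL server entry at its loopback address, for example:
;   server = "127.0.0.2"
; Use the address, not "localhost": the MySQL client library treats
; "localhost" as a request for the local Unix socket, not TCP.
```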