Multiple clients on same IP address

Alexander Clouter alex at digriz.org.uk
Mon Dec 21 15:48:55 CET 2009


Fahd Kasri <fahd.kasri at weblib.eu> wrote:
> 
> Is it possible to have multiple Radius clients behind a router connect to a
> distant Freeradius server (these clients would therefore have the same IP
> address and be the same client in clients.conf)?
> I've this and apparently it works, but could there be any problems in the
> long run?
> 
They would either:
 * need to use the same shared secret
 * connect to different IP's provisioned by FreeRADIUS (the server is 
	bind()'ed to more than one address)
 * send traffic to different port numbers being listened to by 
	FreeRADIUS (listens on ports other than the 'official' ones)

You can use a combination of the above (if you are crazy), but you will 
need to use at lease *one*.  The alternative is to kill NAT...for it is 
evil[1].

Cheers

[1] if the network is 'trusted' then use an IPIP/GRE tunnel to get the 
	traffic to the RADIUS server

-- 
Alexander Clouter
.sigmonster says: A dead man cannot bite.
                  		-- Gnaeus Pompeius (Pompey)




More information about the Freeradius-Users mailing list