Multiple clients on same IP address
Alexander Clouter
alex at digriz.org.uk
Mon Dec 21 15:48:55 CET 2009
Fahd Kasri <fahd.kasri at weblib.eu> wrote:
>
> Is it possible to have multiple Radius clients behind a router connect to a
> distant Freeradius server (these clients would therefore have the same IP
> address and be the same client in clients.conf)?
> I've this and apparently it works, but could there be any problems in the
> long run?
>
They would either:
* need to use the same shared secret
* connect to different IP's provisioned by FreeRADIUS (the server is
bind()'ed to more than one address)
* send traffic to different port numbers being listened to by
FreeRADIUS (listens on ports other than the 'official' ones)
You can use a combination of the above (if you are crazy), but you will
need to use at lease *one*. The alternative is to kill NAT...for it is
evil[1].
Cheers
[1] if the network is 'trusted' then use an IPIP/GRE tunnel to get the
traffic to the RADIUS server
--
Alexander Clouter
.sigmonster says: A dead man cannot bite.
-- Gnaeus Pompeius (Pompey)
More information about the Freeradius-Users
mailing list