Proxy with two interfaces configuration

D'AVELLA STEFANO Stefano.DAvella at alcatel-lucent.com
Thu Feb 12 15:37:17 CET 2009


Hello all,

I am using FreeRADIUS 2.1.0 on two Ubuntu machines, one of which is
configured as server and one as proxy.
The network is configured in IPv6 but that's not the problem here
(everything regarding IPv6 works well now).
I am trying to create a testbed where there are three machines:

-one server, which listens to an interface
-one client (for testing I am just using radclient) that sends auth
requests to a proxy
-one proxy, in the middle of the two other machines, that proxies auth
requests to the server. This proxy has two interfaces, one connected to
the client and one to the server.

All following IPv6 addresses are to be read with global scope (but as I
said, if they were IPv4 it would be the same I think)

Server address : 2001::400 
Proxy (interface to the server) 2001::300
Proxy (interface to the client) 2000::300
Client 2000:200 

Now when I try to run the test, what happens is that the client sends
the auth request, the proxy correctly forwards it to the server, and the
server correctly authenticates the client. The problem is that the proxy
sends the proxied message with the address 2000::300, not 2001::300.
When the server tries to reply to the proxy, it tries to send the packet
to 2000::300 but since it is a different network there is no route for
it.

I have been searching for a while in the users / radiusd.conf /
clients.conf / proxy.conf for an option to set the proxy IP address when
proxying messages. It seemed to me that I saw something like that, but
if I did I just can't find it again.

If it exists it would be sufficient to tell me where to find it and I
will hopefully solve this issue on my own.

I attach some config files:

Server:
Clients.conf

# IPv6 Client
client 2000::300 {
	nastype         = other
	secret		= testing123
	shortname	= relay
}
(if I set 2001::300 it tells me that it receives a packet from the
unknown host 2000::300 and discards it)

Radiusd.conf

listen {
#	ipaddr = *
	ipv6addr = 2001::400
	port = 0
	type = auth
}

Proxy
Clients.conf

# IPv6 Client
client 2000::200 {
	secret		= testing123
	shortname	= mobile
}

Proxy.conf

home_server rad_server {
	type = auth
	ipv6addr = 2001::400
	port = 1812
	secret = testing123
}
home_server_pool my_auth {
	type = fail-over
	home_server = rad_server
}
realm example.com {
	auth_pool = my_auth
}
(example.com is the realm I use in the test)


P.S.: another quick question. Is it possible with some logging option (or
in other ways) to save the attributes that the server adds to the auth
accept message locally in a file on the proxy machine? I saw that there
are some options to add/modify the attributes in the reply, but is it
possible to save them in a file?

Thanks in advance for the help and sorry if I am missing out something
obvious.

Best Regards,

--
D'Avella Stefano
Bell Labs
Alcatel-Lucent
Centre de Villarceaux
Route de Villejust
91625 NOZAY
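
The symptom in the message above, reproduced as an added example (not part of the original post and not FreeRADIUS code): a UDP socket bound to one interface address keeps that address as the packet's source, and the receiving server picks its client entry by that source address. Assumptions: Linux, where every 127.0.0.0/8 address is local; the loopback addresses are constructed stand-ins for 2001::400, 2001::300 and 2000::300, and the function names are hypothetical.

```python
import socket

# Constructed stand-ins for the addresses in the post (assumption: Linux loopback).
SERVER_ADDR = "127.0.0.1"        # plays 2001::400, the server
PROXY_SERVER_SIDE = "127.0.0.2"  # plays 2001::300, proxy interface facing the server
PROXY_CLIENT_SIDE = "127.0.0.3"  # plays 2000::300, proxy interface facing the client

# Model of the server's clients.conf: packet source address -> shared secret.
SERVER_CLIENTS = {PROXY_SERVER_SIDE: "testing123"}


def server_lookup(source_ip, clients=SERVER_CLIENTS):
    """Mimic the server's choice: a known client is processed, anything else is dropped."""
    return "accepted" if source_ip in clients else "discarded (unknown client)"


def send_and_observe(bind_ip):
    """Send one datagram from a socket bound to bind_ip; return the source the server sees."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as srv, \
         socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as out:
        srv.bind((SERVER_ADDR, 0))       # ephemeral port, stands in for 1812
        srv.settimeout(2.0)
        out.bind((bind_ip, 0))           # the bind fixes the source address
        out.sendto(b"constructed-request", srv.getsockname())
        _data, (seen_ip, _port) = srv.recvfrom(4096)
        return seen_ip


if __name__ == "__main__":
    for label, addr in (("client-side", PROXY_CLIENT_SIDE),
                        ("server-side", PROXY_SERVER_SIDE)):
        seen = send_and_observe(addr)
        print(f"proxy socket bound to {label} address: "
              f"server sees {seen} -> {server_lookup(seen)}")
```

Adding the client-facing address to the server's client table, as the posted clients.conf does, gets the request accepted but leaves the reply addressed to a network the server cannot route to.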
