Received radius reply from wrong address

Oguzhan Kayhan oguzhank at bilkent.edu.tr
Thu Jul 30 11:49:06 CEST 2009


On virtual servers here is my config.

listen {
                        ipaddr = 192.168.14.210
                        port = 1812
                        type = auth
                        virtual_server = dormnet
       }

listen {
                        ipaddr = 192.168.16.210
                        port = 1812
                        type = auth
                        virtual_server = wireless
       }


so no * for ipaddr.

and also i tried 192.168.14.210 and 192.168.14.211 to check if it makes
any difference on replying a client o a different subnet.
For ex. on apache if i create 2 virtual webservices listening on 2
different ip addesses, and if a client connects it, reply goes back from
the same source and dest ip addresses.. so i think OS's IP stack forks
fine with that.
Anyway for a temporary solution i instaled another radius on a different
ip for such cases.





> Oguzhan Kayhan wrote:
>> But as i see i got the msg Received radius reply from wrong address from
>> them whenever i try to send a req to radius for authentication.
>
>   You need to put the real IP addresses into the "listen" section.
> Don't use "ipaddr = *"
>
>> It seems like radius answers back to the nas from first interface
>> instead
>> of replying from the original source address.
>
>   That is because the OS chooses how to route packets.
>
>> Isnt radius suppose to reply with the same destination address it
>> receives???
>
>   Yes.  But if it doesn't know what the destination address is, it can't
> use that to send packets.
>
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>





More information about the Freeradius-Users mailing list