Dynamic clients and NAS-Identifier

Santiago Balaguer García santiagoawa at hotmail.com
Wed May 20 11:51:49 CEST 2009


> > I'm sure that I'm not the only one that have NAS's behind dynamic IPs,
> > and this would make radius traffic from such NAS's much more secure.


OK, if you have Dynamic public IP you have two options:

 1) use a DNS to identify the dynamic IP of your hotspot. It means that your DSL router or hotspot has capability to update its public IP every x minutes. You can use dyndns.org service. DSL routers normally have this feature.

 

  2) Install a VPN tunnel like PPPTP/L2TP/OVPN... and route all the autentication request for this range. For instance, you have your radius server with IP 10.200.0.11 and your NASes with 10.200.0.x range. All the auth request are sent by the tunnel, so all ones are valid.

 

  I tried both methods with good results. However second option is better because you have another way to access to your hotspots since you know which is hotspot IP (tunnel IP (10.200.0.x)).

 

   Santiago 


_________________________________________________________________
¡Quítate unos clics! Ahora, Internet Explorer 8 tiene todo lo que te gusta de Windows Live ¡Consíguelo gratis! 
http://ie8.msn.com/microsoft/internet-explorer-8/es-es/ie8.aspx
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20090520/5f2d07ba/attachment.html>


More information about the Freeradius-Users mailing list