FreeRadius + FreeBSD + ipv6
Johann Hugo
jhugo at meraka.csir.co.za
Mon Dec 6 10:41:40 CET 2010
Oops

It should be:

ganymede# ifconfig
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC>
        ether 00:1c:c0:fb:dc:67
        inet 146.64.8.17 netmask 0xffffff00 broadcast 146.64.8.255
        inet6 fe80::21c:c0ff:fefb:dc67%em0 prefixlen 64 scopeid 0x1
        inet6 2001:4200:7000:1:21c:c0ff:fefb:dc67 prefixlen 64

listen {
        type = auth
        #ipaddr = *
        #ipv6addr = ::
        ipv6addr = 2001:4200:7000:1:21c:c0ff:fefb:dc67
        port = 0
}

radius -X
...
Failed binding to authentication address 2001:4200:7000:1:21c:c0ff:fefb:dc67 port 1812: Can't assign requested address
/usr/local/etc/raddb/radiusd.conf[31]: Error binding to port for 2001:4200:7000:1:21c:c0ff:fefb:dc67 port 1812

But this works for radiusd

listen {
        type = auth
        #ipaddr = *
        ipv6addr = ::
        #ipv6addr = 2001:4200:7000:1:21c:c0ff:fefb:dc67
        port = 0
}

radius -X
...
Listening on authentication address * port 1812
Listening on authentication address :: port 1812
Listening on accounting address * port 1813
Listening on command file /var/run/radiusd/radiusd.sock
Listening on proxy address * port 1814
Ready to process requests.

ganymede# sockstat | grep 1812
freeradius radiusd 39438 5 udp4 *:1812 *:*
freeradius radiusd 39438 6 udp6 *:1812 *:*

But I never see the IPv6 packets going out of the ethernet interface with tcpdump

Johann

On Monday, December 06, 2010 11:21:05 am Thorsten Fischer wrote:
> Excerpts from Johann Hugo's message of Mon Dec 06 09:01:09 +0000 2010:
> > I'm busy with a FreeRadius Eduroam setup, but it only works with ipv4 and
> > not with ipv6.
>
> You seem to be using the same ipv6 address for your proxy as well as for
> the eduroam proxy; is that intentional?
>
> From example 1:
> > Sending Access-Request of id 172 to 2001:4200:ffff:14:5054:17ff:fe36:5d3d
> > port 1812
>
> From example 3:
> > listen {
> >
> > type = auth
> > ipv6addr = 2001:4200:ffff:14:5054:17ff:fe36:5d3d
> > port = 0
> >
> > }
>
> If not, then it would explain why you do not see anything in your tcpdump
> on an interface, because it's being delivered locally, and why it works
> when you bind to ::, because it just binds to a different address than the
> one you think you should be using.
>
> > Failed binding to authentication address
> > 2001:4200:ffff:14:5054:17ff:fe36:5d3d port 1812: Can't assign requested
> > address
> > /usr/local/etc/raddb/radiusd.conf[32]: Error binding to port for
> > 2001:4200:ffff:14:5054:17ff:fe36:5d3d port 1812
>
> Maybe that just isn't your local address.
>
> $ ping6 -c1 eduroam0.sanren.ac.za
> PING eduroam0.sanren.ac.za(2001:4200:ffff:14:5054:17ff:fe36:5d3d) 56 data bytes
> 64 bytes from 2001:4200:ffff:14:5054:17ff:fe36:5d3d: icmp_seq=1 ttl=56 time=236 ms
>
> Resolves correctly for the eduroam proxy.
>
>
> Cheers,
>
> t
>
> --
> Thorsten Fischer, BOWL Project Administrator
> <thorsten at net.t-labs.tu-berlin.de>
> Technische Universität Berlin, FG INET, TEL16, 18th floor
> Ernst-Reuter-Platz 7, 10587 Berlin, Germany
> Tel: +49 30 835358542, Fax: +49 391 53478347
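
Added example, not part of the original messages: a small check of whether the ipv6addr in a listen section is one of the addresses ifconfig reports, which is the comparison the quoted reply makes by hand. The function names are hypothetical, and the sample input is constructed from the ifconfig output and listen block quoted in this thread.

```python
import ipaddress
import re

# Constructed sample input, taken from the ifconfig output and listen block in this thread.
IFCONFIG = """\
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet 146.64.8.17 netmask 0xffffff00 broadcast 146.64.8.255
        inet6 fe80::21c:c0ff:fefb:dc67%em0 prefixlen 64 scopeid 0x1
        inet6 2001:4200:7000:1:21c:c0ff:fefb:dc67 prefixlen 64
"""
RADIUSD_CONF = """\
listen {
        type = auth
        #ipv6addr = ::
        ipv6addr = 2001:4200:7000:1:21c:c0ff:fefb:dc67
        port = 0
}
"""

def local_inet6(ifconfig_text):
    """Return the IPv6 addresses assigned to interfaces, zone id (%em0) stripped."""
    found = set()
    for m in re.finditer(r"^\s*inet6\s+(\S+)", ifconfig_text, re.M):
        found.add(ipaddress.IPv6Address(m.group(1).split("%")[0]))
    return found

def listen_inet6(conf_text):
    """Return the active (uncommented) ipv6addr values, normalised."""
    out = []
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments such as '#ipv6addr = ::'
        m = re.match(r"ipv6addr\s*=\s*(\S+)$", line)
        if m:
            out.append(ipaddress.IPv6Address(m.group(1)))
    return out

def check(conf_text, ifconfig_text):
    """Map each listen address to 'wildcard', 'local' or 'not-local'."""
    local = local_inet6(ifconfig_text)
    result = {}
    for addr in listen_inet6(conf_text):
        state = "wildcard" if addr.is_unspecified else ("local" if addr in local else "not-local")
        result[str(addr)] = state
    return result

if __name__ == "__main__":
    for addr, state in check(RADIUSD_CONF, IFCONFIG).items():
        print(addr, state)
```

Addresses are compared as parsed values, so differences in case or zero padding between radiusd.conf and ifconfig do not produce a false "not-local".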