question re inner tunnel / virtual server

Michael Arndt michael.arndt at berlin.de
Sun Apr 24 18:24:20 CEST 2011


Hi *,

i try to get a better grip in understanding the virtual server for inner eap
tunnel. 
Please forgive if any of the following statements represents misunderstanding
of concepts from my side.

Which of the following statements describe the inner tunnel virtual server
for EAP wrong / correct ?

EAP:

-The eap module can map  tunneled requests to a virtual server ( inner tunnel )

- It "knows" where to communicate by freeradius reading the virtual servers
  configs in sites-enabled

-So the Port configured for the inner tunnel virtual server (statement  valid only for this inner tunnel VS) 
 is only relevant wrt external  for testing purposes in order to test correct freeradius config wrt EAP

-freeradius handles the communication to the inner tunnel with the above mentioned
 mapping of the eap module. So in productive use there is no need to reference
 the Port for the inner tunnel ( except when proxying  or using the test for EAP to check for a valid config )

-the main goal of the inner tunnel virtual server is to allow
 completely independent policies for  outer / inner tunneled sessions. 

hope i did not fall for to many misunderstandings

TIA
Micha




More information about the Freeradius-Users mailing list