IPv6 ready?

[Fajar A. Nugraha]

On Mon, Oct 31, 2011 at 3:11 PM, Sergio NNX <sfhacker at hotmail.com> wrote:
> Ciao.
>
> Just wondering if FR supports IPv6 addresses

Sure it does. If you want it to listen on both ipv4 and ipv6, just add
extra "listen" blocks

listen {
        ipv6addr = ::
        port = 0
        type = auth
}

listen {
        ipv6addr = ::
        port = 0
        type = acct
}

... which would result in something like this on debug log

Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on authentication address :: port 1812
Listening on accounting address :: port 1813


> since I'm unable to start the
> server when using IPv6.

You should be. Just to be safe, use latest version (I'm using 2.1.12)

>
> I've changed (or uncommented) a couple of lines in radiusd.conf under
> 'listen' section: ipv6addr = :: and then I tried to start the server but no
> way. It works ok when using IPv4.

You might want to add listen blocks instead of editing them.

>
> FR spits out: Failed binding to authentication address 0:0: .... port 1812:
> Bad file descriptor.
> FR server has been built with IPv6 support.
>
> Another question is: are you aware of any (client) tool for testing FR when
> using IPv6 addresses? eapol_test doesn't seem to know anything about :: or
> ::1

Ask wpa_supplicant developers :)

FR's radtest/radclient has both ipv4 and v6 support. So you can do
something like

$ radtest -4 testuser testpass localhost 0 testing123
$ radtest -6 testuser testpass localhost 0 testing123

... which would test ipv4 and ipv6 address of localhost (assuming your
/etc/hosts is set correctly)

>
> Do the below lines from radiusd.conf require any change when IPv6?
>
> ...
> ...
> detail {
>              detailfile =
> ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d.log
>     }

Probably. FreeRADIUS-Client-IPv6-Address?

I use sql, and hardcode detailfile path when necessary (e.g. when
using buffered-sql)

-- 
Fajar