CoA proxying again

Bjørn Mork bjorn at mork.no
Tue Sep 6 17:11:14 CEST 2011


Hello,

I am trying to set up CoA proxying to a number of Juniper MXes.  These
are a bit clumsy to configure as CoA servers: The CoA clients cannot be
configured explicitly.  Instead they reuse the auth/acct configuration,
including secret, for CoA clients.

So I have a few hundred CoA servers (NASes), and 3 radius servers
authorized as CoA clients.  Using FreeRADIUS to proxy CoA requests from
the real CoA clients looks like a perfect solution.

My problem is that the configuration seems a bit clumsy, given that I
cannot really change either IP address or secret from what's already
there in the FreeRADIUS client definition.  It would have been ideal to
just add a flag or whatever, saying that "this client is also a CoA
server", and allowing direct proxy to it using some virtual attribute.

My current working configuration requires a separate static home_server
and home_server_pool definition pointing to it for *each* NAS, as the
only way I've found to redirect the CoA packets is by setting
Home-Server-Pool.

The documentation talks about Proxy-To-Realm as well, but I've been
unable to find any parameter allowing me to configure a realm for
CoA.  Realms only have auth{_pool,host} and acct{_pool,host} AFAICT.

The per client CoA configuration doesn't look like anything I can use at
all.  If I understand it correctly, that's only for the *CoA clients*.

Is this a correct view of the current (2.1.x) state of CoA proxying, or
did I miss something?

I believe I saw a request for dynamic home servers recently.  Looks like
that might be something for me as well. 



Bjørn
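
The per-NAS workaround described in the message (one static home_server and one home_server_pool for each NAS, reusing the IP address and secret of the existing client definition) can be generated rather than hand-written. The sketch below is an added example, not part of the original post and not FreeRADIUS code. It assumes flat `client` blocks without nested sections, secrets without spaces, a NAS listening on the RFC 5176 default port 3799, and the hypothetical names `coa-<client>` and `coa-pool-<client>`.

```python
import re

# Constructed sample in clients.conf style; the names, addresses and
# secrets are made up for this example.
SAMPLE_CLIENTS = """
client mx-oslo-1 {
    ipaddr = 192.0.2.10
    secret = s3cr3t-one
}
client mx-bergen-1 {
    ipaddr = 192.0.2.20
    secret = s3cr3t-two
}
"""

CLIENT_RE = re.compile(r"client\s+(\S+)\s*\{(.*?)\}", re.S)
KV_RE = re.compile(r"^\s*(\w+)\s*=\s*(\S+)\s*$", re.M)

def parse_clients(text):
    """Return {client_name: {key: value}} for each flat client block."""
    return {name: dict(KV_RE.findall(body))
            for name, body in CLIENT_RE.findall(text)}

def coa_stanzas(name, ipaddr, secret, port=3799):
    """One CoA home_server plus a single-member pool for one NAS."""
    return (
        f"home_server coa-{name} {{\n"
        f"\ttype = coa\n"
        f"\tipaddr = {ipaddr}\n"
        f"\tport = {port}\n"      # assumption: NAS uses the default CoA port
        f"\tsecret = {secret}\n"  # same secret as the auth/acct client entry
        f"}}\n"
        f"home_server_pool coa-pool-{name} {{\n"
        f"\ttype = fail-over\n"
        f"\thome_server = coa-{name}\n"
        f"}}\n"
    )

def render(clients):
    """Emit the proxy.conf fragment for every parsed client."""
    return "\n".join(coa_stanzas(n, c["ipaddr"], c["secret"])
                     for n, c in clients.items())

if __name__ == "__main__":
    print(render(parse_clients(SAMPLE_CLIENTS)))
```

The virtual server that receives the CoA request then selects the target by setting Home-Server-Pool to the matching `coa-pool-<client>` name, as the message describes. The generated fragment contains every NAS shared secret, so it needs the same file permissions as clients.conf.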



