lifetime and idle_timeout in clients.conf

Alan DeKok aland at deployingradius.com
Sun Apr 15 11:17:21 CEST 2012


Jason Rohm wrote:
> In many cases I don't control the firewall, so I have to account for this.
> Additionally, not putting a reasonable lifetime limit on TCP connections
> opens you up to NAT-based DoS attacks.

  Yes.

>>  When FreeRADIUS acts as client (i.e. proxy to home server), it will
>> send watchdog packets.
> 
> Is this default, or do I need to configure it? If it is default, it
> doesn't seem to be working in my configuration.

  It *should* work.  It's a bit of a mystery why it doesn't.  It should
be fixed before 3.0 is released.

  Alan DeKok.


More information about the Freeradius-Users mailing list