Identifying Virtual-Server from Inner-Tunnel

Matthew Newton mcn4 at
Fri Oct 5 00:21:57 CEST 2012

On Thu, Oct 04, 2012 at 01:07:57PM -0600, Jordan Dohms wrote:
> - Depending on the virtual server the request was received through,
> call a different mschap module from the inner-tunnel or reject the
> request. (not working)

You've gone to the hassle of duplicating RADIUS server configs in
your clients and sending requests to different ports, so you could
do your check based on Packet-Dst-Port.

> If there's a better/cleaner/simpler way to do this, I'm all ears.

If there is something in the packet that can indicate which
network is being connected to, you likely don't need to use two
ports as you can just do it all in one server (testing based on
that attribute). For example, with wireless networks, you can
usually get the SSID in the request somehow.

> virtual-server?  Should I need to set a separate variable in the
> outer-server and read it below?

I guess that's another way of doing it. Personally unless
functionality was a lot different (which it doesn't sound like it
is), I'd probably do it all in one outer server and test based on
request attribute or Packet-Dst-Port, but if it works then it's



Matthew Newton, Ph.D. <mcn4 at>

Systems Architect (UNIX and Networks), Network Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at>

More information about the Freeradius-Users mailing list