Failure authenticate using IPv6
Phil Mayers
p.mayers at imperial.ac.uk
Fri May 24 09:38:09 CEST 2013
On 05/24/2013 05:18 AM, Stefan Winter wrote:
> simply isn't an IPv6 address
Very true.
> "fe80::215:17ff:fed0:d278%eth0"
>
> is the valid address. I don't know if the FreeRADIUS address parser is
> prepared to handle such interface-scoped addresses. There's not much use
> case for this.
Not sure I could agree with that; I can think of a bunch of use-cases
for LL. In particular, a nice property of LL is that you know the
request definitely came from the same link, which could be useful in
some proxying scenarios e.g. 2-level ORPS hierarchy.
But you're right that in general, using a global address makes more sense.
More information about the Freeradius-Users
mailing list