Failure authenticate using IPv6

Phil Mayers p.mayers at imperial.ac.uk
Fri May 24 09:38:09 CEST 2013


On 05/24/2013 05:18 AM, Stefan Winter wrote:

> simply isn't an IPv6 address

Very true.

> "fe80::215:17ff:fed0:d278%eth0"
>
> is the valid address. I don't know if the FreeRADIUS address parser is
> prepared to handle such interface-scoped addresses. There's not much use
> case for this.

Not sure I could agree with that; I can think of a bunch of use-cases 
for LL. In particular, a nice property of LL is that you know the 
request definitely came from the same link, which could be useful in 
some proxying scenarios e.g. 2-level ORPS hierarchy.

But you're right that in general, using a global address makes more sense.


More information about the Freeradius-Users mailing list