Radclient receives response messages from different source port than destination port of request messages

rosario.mattera at accenture.com rosario.mattera at accenture.com
Thu May 30 14:54:10 CEST 2013


Thanks for your answer, Arran.

Regards,
Rosario

-----Original Message-----
From: freeradius-users-bounces+rosario.mattera=accenture.com at lists.freeradius.org [mailto:freeradius-users-bounces+rosario.mattera=accenture.com at lists.freeradius.org] On Behalf Of Arran Cudbard-Bell
Sent: giovedì 30 maggio 2013 14:27
To: FreeRadius users mailing list
Subject: Re: Radclient receives response messages from different source port than destination port of request messages


On 30 May 2013, at 05:23, rosario.mattera at accenture.com wrote:

> Hi Alan,
>
> I would like to specify that I'm using radclient as a RADIUS proxy.

Um. Why?

> I reach the RADIUS server through a load balancer. The server uses ports other than 1812 and 1813 in its responses because the matching between requests and responses is done through the Proxy-State attribute. This behavior is implemented in a very famous European Telco operator.

This behaviour is wrong and not standards compliant. No where in RFC 2865 or any more recent RADIUS RFCs does it describe a method of tying requests and responses using Proxy-State.

> In radclient is not implemented any mechanism to support this behavior?

No.

> Can you confirm that the current implementation of radclient, realizes the matching between requests and responses using also the source port of the responses?

Yes.

Arran Cudbard-Bell <a.cudbardb at freeradius.org> FreeRADIUS Development Team

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited.

Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy.

______________________________________________________________________________________

www.accenture.com



More information about the Freeradius-Users mailing list