Dual Stack RadSec
Adam Bishop
Adam.Bishop at ja.net
Thu Nov 14 14:54:39 CET 2013
On 14 Nov 2013, at 13:35, Phil Mayers <p.mayers at IMPERIAL.AC.UK> wrote:
> Same as with OpenSSH; a single TCP socket, listening on IPv6, gets both IPv4 and IPv6 connect attempts, with the v4 source appearing as a mapped address.
Yup, this is what I mean - 1.2.3.4 becomes ::ffff:1:2:3:4, controlled by the sysctl knob 'net.ipv6.bindv6only'.
> Moderately useful approach, IMO, but FR would need code to recognise the mapped addresses, extract the v4 original and use that for client{} lookups and similar.
I wouldn't even go that far - unless you're using DNS names in the client block, I'd just list the client with the full ::ffff: address in my configuration (being as IPv4 is legacy anyway!).
Regards,
Adam Bishop
gpg: 0x6609D460
Janet, the UK's research and education network.
Janet(UK) is a trading name of Jisc Collections and Janet Limited, a
not-for-profit company which is registered in England under No. 2881024
and whose Registered Office is at Lumen House, Library Avenue,
Harwell Oxford, Didcot, Oxfordshire. OX11 0SG. VAT No. 614944238
More information about the Freeradius-Users
mailing list