Dual Stack RadSec

Adam Bishop Adam.Bishop at ja.net
Thu Nov 14 14:54:39 CET 2013

On 14 Nov 2013, at 13:35, Phil Mayers <p.mayers at IMPERIAL.AC.UK> wrote:
> Same as with OpenSSH; a single TCP socket, listening on IPv6, gets both IPv4 and IPv6 connect attempts, with the v4 source appearing as a mapped address.

Yup, this is what I mean - becomes ::ffff:1:2:3:4, controlled by the sysctl knob 'net.ipv6.bindv6only'.

> Moderately useful approach, IMO, but FR would need code to recognise the mapped addresses, extract the v4 original and use that for client{} lookups and similar.

I wouldn't even go that far - unless you're using DNS names in the client block, I'd just list the client with the full ::ffff: address in my configuration (being as IPv4 is legacy anyway!).


Adam Bishop

 gpg: 0x6609D460

Janet, the UK's research and education network.

Janet(UK) is a trading name of Jisc Collections and Janet Limited, a 
not-for-profit company which is registered in England under No. 2881024 
and whose Registered Office is at Lumen House, Library Avenue,
Harwell Oxford, Didcot, Oxfordshire. OX11 0SG. VAT No. 614944238

More information about the Freeradius-Users mailing list