Dual Stack RadSec

Brian Julin BJulin at clarku.edu
Thu Nov 14 15:39:32 CET 2013


> On 14 Nov 2013, at 13:35, Phil Mayers <p.mayers at IMPERIAL.AC.UK> wrote:
> > Same as with OpenSSH; a single TCP socket, listening on IPv6, gets both
> IPv4 and IPv6 connect attempts, with the v4 source appearing as a mapped
> address.
> 
> Yup, this is what I mean - 1.2.3.4 becomes ::ffff:1:2:3:4, controlled by the
> sysctl knob 'net.ipv6.bindv6only'.

FWIW, this approach opens a bunch of (not insurmountable) security obstacles.

See draft-itojun-v6ops-v4mapped-harmful-00





More information about the Freeradius-Users mailing list