pre-proxy ?
Iliya Peregoudov
iperegudov at cboss.ru
Wed Mar 18 07:59:35 CET 2015
If I understand correctly, there are a supplier NAS, a supplier proxy server,
your proxy server, a customer home server and a customer NAS. Your goal is
to make the supplier NAS establish a compulsory tunnel to the customer NAS.

CPE========Supplier NAS==================Customer NAS=====Customer net
                |                             |
            Supplier          Your        Customer
          proxy server----proxy server----home server

Your proxy server should first proxy the Access-Request from the supplier proxy
server to the customer home server, then wait for the customer home server's
response, then add the Tunnel-Server-Endpoint attribute to the response and
proxy the response back to the supplier proxy server. This can be done in
the post-proxy section.

When the supplier NAS receives an Access-Accept with Tunnel-Server-Endpoint, it
will establish a compulsory tunnel to the customer NAS. The customer NAS will send
an Access-Request to the customer home server. There is no apparent reason for
the customer NAS to send the Access-Request to your proxy server instead.

On 18.03.2015 9:10, Olivier CALVANO wrote:
> Hi
>
> I am new to FreeRADIUS and I am looking for a little help.
>
>
> - I receive a RADIUS Access-Request from the RADIUS server of my supplier.
> This RADIUS server has the IP address 192.168.10.100
>
> - Based on the realm, I forward the request to my customer.
>
> I want to add to the process an action before sending the request to my customer.
>
> Actually I have:
>
> in proxy.conf
>
> home_server rad-auth-primaire-1.customer_realm.myrealm {
>     type = auth
>     ipaddr = 172.16.1.1
>     port = 1812
>     secret = password
>     require_message_authenticator = yes
>     response_window = 20
>     zombie_period = 40
>     status_check = status-server
>     check_interval = 20
>     num_answers_to_alive = 3
> }
>
>
> home_server_pool pool-auth.customer_realm.myrealm {
>     type = fail-over
>     home_server = rad-auth-primaire-1.customer_realm.myrealm
>     home_server = rad-auth-secondaire-1.customer_realm.myrealm
> }
>
>
> realm "~(customer_realm.myrealm)" {
>     auth_pool = pool-auth.customer_realm.myrealm
>     nostrip
> }
>
>
> I want to add this action:
>
> Before sending the Access-Request to my customer, I want my RADIUS server
> to answer the RADIUS server of my supplier with an Access-Accept with a:
> Tunnel-Server-Endpoint:0 = "172.17.10.250"
>
> With this information, my supplier sends the tunnel to 172.17.10.250, which is a
> Cisco router. When I receive the tunnel, it sends an Access-Request to my
> RADIUS server, and I want my RADIUS server to forward the request to the RADIUS
> server of my customer with a:
> NAS-IP-Address = 172.17.10.250
>
> Is it possible?
>
> CPE Customer ==> My_Cisco_172.17.10.250 ==> Cisco of my Customer (replied
> in radius tunnel end point)
>
>
>
>
> I don't know which file I should modify for this: policy.conf? Another?
>
> very very new ;=)
>
> Thanks for your help
> Olivier
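
The proxy step described in the reply above (relay the home server's answer, add Tunnel-Server-Endpoint to it, send it back towards the supplier), shown at packet level as an added example; it is not code from the thread or from FreeRADIUS. Function names, secrets, IDs and authenticator values are constructed for illustration, and Proxy-State and Message-Authenticator handling are left out. The point it shows: the reply is verified with the customer-side secret and, once modified, must be re-signed with the supplier-side secret.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2
TUNNEL_SERVER_ENDPOINT = 67  # RFC 2868 tagged string attribute

def sign(code, ident, attrs, request_auth, secret):
    """Build a reply: Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    auth = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + auth + attrs

def verify(packet, request_auth, secret):
    """Check the length field and Response Authenticator against one hop's shared secret."""
    if len(packet) < 20 or struct.unpack("!H", packet[2:4])[0] != len(packet):
        return False
    good = sign(packet[0], packet[1], packet[20:], request_auth, secret)
    return hmac.compare_digest(good, packet)

def tagged_string(attr_type, tag, value):
    """Tags 0x01-0x1F prefix the string; tag 0 (untagged, as in ':0') sends no tag octet."""
    body = (bytes([tag]) if 1 <= tag <= 0x1F else b"") + value.encode("ascii")
    return bytes([attr_type, 2 + len(body)]) + body

def relay(home_reply, proxied_auth, home_secret, ident, client_auth, client_secret, endpoint):
    """Verify the home server's reply, add the endpoint to an Access-Accept, re-sign for the client."""
    if not verify(home_reply, proxied_auth, home_secret):
        raise ValueError("reply failed Response Authenticator check")
    attrs = home_reply[20:]
    if home_reply[0] == ACCESS_ACCEPT:  # rejects are relayed without the tunnel attribute
        attrs += tagged_string(TUNNEL_SERVER_ENDPOINT, 0, endpoint)
    return sign(home_reply[0], ident, attrs, client_auth, client_secret)

def demo():
    """Constructed sample: secrets, IDs and authenticators are made up for illustration."""
    home_secret, supplier_secret = b"home-side-secret", b"supplier-side-secret"
    proxied_auth, supplier_auth = bytes(range(16)), bytes(range(16, 32))
    home_reply = sign(ACCESS_ACCEPT, 7, bytes([18, 4]) + b"ok", proxied_auth, home_secret)
    out = relay(home_reply, proxied_auth, home_secret, 42, supplier_auth, supplier_secret, "172.17.10.250")
    return out, verify(out, supplier_auth, supplier_secret)

if __name__ == "__main__":
    packet, ok = demo()
    print(packet.hex(), ok)
```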