pre-proxy ?

Olivier CALVANO o.calvano at gmail.com
Wed Mar 18 08:35:13 CET 2015


Thanks for your reply.

Not exactly, because the NAS of my supplier can't interact directly with the
NAS of my customer. This has to go through my Cisco NAS.

In the file proxy.conf, can we add a pre-proxy action?
Are pre-proxy and post-proxy managed in that file?


2015-03-18 7:59 GMT+01:00 Iliya Peregoudov <iperegudov at cboss.ru>:

> If I understand correctly there are supplier NAS, supplier proxy server,
> your proxy server, customer proxy server and customer NAS. Your goal is to
> make the supplier NAS establish a compulsory tunnel to the customer NAS.
>
> CPE========Supplier NAS=================Customer NAS=====Customer net
>                |                             |
>            Supplier         Your          Customer
>          proxy server----proxy server----home server
>
> Your proxy server should first proxy Access-Request from supplier proxy
> server to customer home server, then wait for customer home server
> response, then add Tunnel-Server-Endpoint attribute to the response and
> proxy the response back to supplier proxy server. This can be done in
> post-proxy section.
>
> When the supplier NAS receives an Access-Accept with Tunnel-Server-Endpoint it
> will establish a compulsory tunnel to the customer NAS. The customer NAS will send
> an Access-Request to the customer home server. There is no apparent reason for
> the customer NAS to send an Access-Request to your proxy server instead.
>
>
>
> On 18.03.2015 9:10, Olivier CALVANO wrote:
>
>> Hi
>>
>> I am new to FreeRADIUS and I am looking for a little help.
>>
>>
>> - I receive a RADIUS Access-Request from the RADIUS server of my supplier.
>> This RADIUS server has the IP address 192.168.10.100
>>
>> - Based on the realm, I forward the request to my customer.
>>
>> I want to add an action to the process before sending the request to my customer.
>>
>> Currently I have:
>>
>> in proxy.conf
>>
>> home_server rad-auth-primaire-1.customer_realm.myrealm {
>>          type            = auth
>>          ipaddr          = 172.16.1.1
>>          port            = 1812
>>          secret          = password
>>          require_message_authenticator = yes
>>          response_window = 20
>>          zombie_period   = 40
>>          status_check    = status-server
>>          check_interval  = 20
>>          num_answers_to_alive = 3
>> }
>>
>>
>> home_server_pool pool-auth.customer_realm.myrealm {
>>          type = fail-over
>>          home_server = rad-auth-primaire-1.customer_realm.myrealm
>>          home_server = rad-auth-secondaire-1.customer_realm.myrealm
>> }
>>
>>
>> realm "~(customer_realm.myrealm)" {
>>          auth_pool = pool-auth.customer_realm.myrealm
>>          nostrip
>> }
>>
>>
>> I want to add this action:
>>
>> Before sending the Access-Request to my customer, I want my RADIUS to
>> answer the RADIUS server of my supplier with an Access-Accept with a:
>>      Tunnel-Server-Endpoint:0 = "172.17.10.250"
>>
>> With this information, my supplier sends the tunnel to 172.17.10.250, it's
>> a Cisco router. When I receive the tunnel, it sends an Access-Request to my
>> RADIUS and I want my RADIUS to forward the request to the RADIUS server
>> of my customer with a:
>>      NAS-IP-Address = 172.17.10.250
>>
>> Is it possible?
>>
>> CPE Customer ==> My_Cisco_172.17.10.250 ==> Cisco of my Customer (replied in radius tunnel end point)
>>
>>
>>
>>
>> I don't know which file to modify for this: policy.conf? Another?
>>
>> very very new ;=)
>>
>> thanks for your help
>> Olivier
>> -
>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>>
>>
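
Added example, not part of the original thread and not either poster's own configuration: in FreeRADIUS the pre-proxy and post-proxy sections live in the virtual server file (for example raddb/sites-available/default), not in proxy.conf. The fragment below uses the addresses from the thread to show the post-proxy step from the quoted reply and the NAS-IP-Address rewrite asked about in the original question. It assumes FreeRADIUS 2.x/3.x unlang syntax and a virtual server that proxies only this customer's realm.

```unlang
# Added example (assumption: placed in the virtual server that proxies
# the customer realm, e.g. raddb/sites-available/default).

pre-proxy {
	# Runs after the realm has selected a home server and before the
	# request is sent to it: the customer's server then sees the Cisco
	# router as the NAS. Unguarded, this applies to every proxied request.
	update proxy-request {
		NAS-IP-Address := 172.17.10.250
	}
}

post-proxy {
	# Runs once the home server's reply has arrived. Only an accepted
	# session gets the tunnel endpoint; rejects and challenges pass
	# through unchanged.
	if ("%{proxy-reply:Packet-Type}" == "Access-Accept") {
		update proxy-reply {
			Tunnel-Server-Endpoint:0 := "172.17.10.250"
		}
	}
}
```

Running the server in debug mode (radiusd -X) shows each section being executed and the attributes it changed.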


More information about the Freeradius-Users mailing list