pre-proxy ?

Iliya Peregoudov iperegudov at cboss.ru
Wed Mar 18 11:59:07 CET 2015


On 18.03.2015 10:35, Olivier CALVANO wrote:
> Thanks for your return.
>
> Not exactly, because the NAS of my supplier can't interact directly with the
> NAS of my customer. This has to go through my Cisco NAS.
>
> In the file proxy.conf, can we add a pre-proxy action?
> Are pre-proxy and post-proxy managed in that file?

The pre-proxy section is used to modify a request received from a RADIUS
client (e.g. a NAS or downstream proxy server) before sending it to the home
server. The post-proxy section is used to modify the response received from
the home server before sending it back to the RADIUS client. Both the
pre-proxy section and the post-proxy section are configured in
raddb/sites-available/default.

> 2015-03-18 7:59 GMT+01:00 Iliya Peregoudov <iperegudov at cboss.ru>:
>
>> If I understand correctly, there are a supplier NAS, a supplier proxy
>> server, your proxy server, a customer proxy server and a customer NAS.
>> Your goal is to make the supplier NAS establish a compulsory tunnel to
>> the customer NAS.
>>
>> CPE========Supplier NAS=================Customer NAS=====Customer net
>>                 |                             |
>>             Supplier         Your          Customer
>>           proxy server----proxy server----home server
>>
>> Your proxy server should first proxy the Access-Request from the supplier
>> proxy server to the customer home server, then wait for the customer home
>> server's response, then add the Tunnel-Server-Endpoint attribute to the
>> response and proxy the response back to the supplier proxy server. This
>> can be done in the post-proxy section.
>>
>> When the supplier NAS receives an Access-Accept with Tunnel-Server-Endpoint,
>> it will establish a compulsory tunnel to the customer NAS. The customer NAS
>> will send an Access-Request to the customer home server. There is no
>> apparent reason for the customer NAS to send the Access-Request to your
>> proxy server instead.
>>
>>
>>
>> On 18.03.2015 9:10, Olivier CALVANO wrote:
>>
>>> Hi
>>>
>>> I am new to FreeRADIUS and I am looking for a little help.
>>>
>>>
>>> - I receive a RADIUS Access-Request from the RADIUS of my supplier.
>>> This RADIUS has the IP address 192.168.10.100
>>>
>>> - Based on the realm, I forward the request to my customer.
>>>
>>> I want to add an action to the process before sending the request to my
>>> customer.
>>>
>>> Actually I have:
>>>
>>> in proxy.conf
>>>
>>> home_server rad-auth-primaire-1.customer_realm.myrealm {
>>>           type            = auth
>>>           ipaddr          = 172.16.1.1
>>>           port            = 1812
>>>           secret          = password
>>>           require_message_authenticator = yes
>>>           response_window = 20
>>>           zombie_period   = 40
>>>           status_check    = status-server
>>>           check_interval  = 20
>>>           num_answers_to_alive = 3
>>> }
>>>
>>>
>>> home_server_pool pool-auth.customer_realm.myrealm {
>>>           type = fail-over
>>>           home_server = rad-auth-primaire-1.customer_realm.myrealm
>>>           home_server = rad-auth-secondaire-1.customer_realm.myrealm
>>> }
>>>
>>>
>>> realm "~(customer_realm.myrealm)" {
>>>           auth_pool = pool-auth.customer_realm.myrealm
>>>           nostrip
>>> }
>>>
>>>
>>> I want to add this action:
>>>
>>> Before sending the Access-Request to my customer, I want my RADIUS to
>>> answer the RADIUS server of my supplier with an Access-Accept with a:
>>>       Tunnel-Server-Endpoint:0 = "172.17.10.250"
>>>
>>> With this information, my supplier sends the tunnel to 172.17.10.250, it's
>>> a Cisco router. When I receive the tunnel, it sends an Access-Request to
>>> my RADIUS and I want my RADIUS to forward the request to the RADIUS server
>>> of my customer with a:
>>>       NAS-IP-Address = 172.17.10.250
>>>
>>> Is it possible?
>>>
>>> CPE Customer ==> My_Cisco_172.17.10.250 ==> Cisco of my Customer (replied
>>> in radius tunnel end point)
>>>
>>>
>>>
>>>
>>> I don't know which file I should modify for this: policy.conf? Another?
>>>
>>> very very new ;=)
>>>
>>> Thanks for your help
>>> Olivier
>>> -
>>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>>>
>>>
>
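
As an added illustration that is not part of the thread: the two sections described in the reply, written out with the attribute values from the original question. It assumes FreeRADIUS 3.x unlang syntax and the default virtual server in raddb/sites-available/default; the `:=` operator and the Packet-Type condition are this example's choices.

```unlang
# raddb/sites-available/default (fragment), assuming FreeRADIUS 3.x unlang.

pre-proxy {
	# Runs on the copy of the request that is about to be sent to the
	# home server. Present the tunnel endpoint as the NAS.
	update proxy-request {
		&NAS-IP-Address := 172.17.10.250
	}
}

post-proxy {
	# Runs on the home server's response before it goes back to the
	# RADIUS client. Only an Access-Accept gets the tunnel attribute;
	# a reject or challenge is passed back unchanged.
	if (&proxy-reply:Packet-Type == Access-Accept) {
		update proxy-reply {
			&Tunnel-Server-Endpoint:0 := "172.17.10.250"
		}
	}
}
```

Both sections run for every proxied request handled by this virtual server, so a server that proxies more than one realm needs a realm condition around each `update`. Checking the result with `radiusd -X` shows whether the attributes were applied to the proxied request and to the reply.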


