Clients in virtual servers

Adam Bishop Adam.Bishop at jisc.ac.uk
Tue Apr 10 13:01:15 CEST 2018


On 10 Apr 2018, at 09:27, Stanislav Lorenc <stanislav.lorenc at cernovice.net> wrote:
> Hi, I expect that if a packet is sent to a concrete virtual server on a concrete port, it will be processed within this server.

Ok. So it's not possible under FreeRADIUS v3, but you can implement something similar using unlang.

  * Add all your clients to a single virtual server
  * Write an unlang 'if' or 'switch' check using %{Packet-SRC-Port}
  * If your policy is simple, do the different things as in-line policy. If it's complex, proxy internally to another virtual server

e.g., something like:

switch "%{Packet-SRC-Port}" {
    case "112" {
        update control {
            Proxy-To-Realm := VirtualServer
        }
    }
    case "113" {
        update control {
            Proxy-To-Realm := OtherVirtualServer
        }
    }
}

Note this is a bad idea for a couple of reasons:
  * All clients sharing an IP need the same shared secret
  * If you use a fixed source port, you can only ever have 256 requests being processed at once

You're better off implementing NAT, and making sure every NAS has a unique address.

Adam Bishop

  gpg: E75B 1F92 6407 DFDF 9F1C  BF10 C993 2504 6609 D460

jisc.ac.uk
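
The two drawbacks listed in the message above, modelled in Python as an added example (not part of the original post and not FreeRADIUS code): a simplified server that looks up the shared secret by source IP only and tracks requests by source IP, source port and the one-octet RADIUS Identifier. The class and function names, the address and the secrets are constructed for illustration.

```python
import hashlib
import os
import struct

ACCESS_ACCEPT = 2  # RADIUS code for Access-Accept

def response_auth(code, ident, attrs, request_auth, secret):
    """RFC 2865: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()

class ModelServer:
    """Simplified model (assumption): client is looked up by source IP only;
    a request is tracked by (source IP, source port, 8-bit Identifier)."""
    def __init__(self, secrets_by_ip):
        self.secrets_by_ip = secrets_by_ip
        self.in_flight = set()

    def receive(self, src_ip, src_port, ident, request_auth):
        key = (src_ip, src_port, ident & 0xFF)   # Identifier is one octet
        if key in self.in_flight:
            return None                          # slot busy, not a new request
        self.in_flight.add(key)
        secret = self.secrets_by_ip[src_ip]      # source port plays no part here
        return response_auth(ACCESS_ACCEPT, ident & 0xFF, b"", request_auth, secret)

def nas_accepts_reply(server, src_ip, src_port, nas_secret):
    """True if a NAS holding nas_secret can validate the server's reply."""
    request_auth = os.urandom(16)
    reply = server.receive(src_ip, src_port, 1, request_auth)
    return reply == response_auth(ACCESS_ACCEPT, 1, b"", request_auth, nas_secret)

def concurrent_capacity(server, src_ip, src_ports, attempts=1000):
    """Count requests accepted while none has been answered yet."""
    accepted = 0
    for n in range(attempts):
        port = src_ports[n % len(src_ports)]
        ident = (n // len(src_ports)) & 0xFF
        if server.receive(src_ip, port, ident, os.urandom(16)) is not None:
            accepted += 1
    return accepted

if __name__ == "__main__":
    ip = "192.0.2.10"                            # constructed address (TEST-NET-1)
    srv = ModelServer({ip: b"secret-A"})         # constructed secret
    print(nas_accepts_reply(srv, ip, 112, b"secret-A"))   # NAS with the configured secret
    print(nas_accepts_reply(srv, ip, 113, b"secret-B"))   # second NAS, different secret
    print(concurrent_capacity(ModelServer({ip: b"secret-A"}), ip, [112]))
```
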
