SO_REUSEADDR for dhcp listener - good idea?

Alan DeKok aland at deployingradius.com
Thu Jul 12 20:36:59 CEST 2018


On Jul 12, 2018, at 2:06 PM, Kamil Jońca <kjonca at o2.pl> wrote:
> 
> Recently strongswan folks changed behavior of charon regarding dhcp.
> 
> https://lists.strongswan.org/pipermail//dev/2018-June/001918.html

  That's not good.

  They should bind to a specific interface and IP address.  That avoids all of these issues.

  It's what web servers do after all. You can run multiple web servers on port 80, if they all listen on different IP addresses.

  FreeRADIUS has been able to bind to a specific interface for ages.  For precisely this reason.

> side effect is, that freeradius refuses to start when charon is
> working.

  As it should.

> According to link SO_REUSEADDR on dhcp server socket should be enough,

  That will let it bind.

  However, the packets sent *to* that port will randomly go to either FreeRADIUS, or to strongswan.

> I do not know if strongswan people are right but if so, maybe it would
> be good idea to put SO_REUSEADDR for dhcp listener?

  It's not.  It's a bad idea to have two *completely* different processes use SO_REUSEADDR.

  Instead, Strongswan should have a configuration to listen on a given ip/interface.  You can then use one IP for strongswan, and a different IP for FreeRADIUS.

  Alan DeKok.
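
Added example, not part of the original message and not FreeRADIUS or strongSwan code: two UDP listeners share one port by binding to different specific addresses, each receives only its own traffic, and a second bind to an address:port already in use is refused without SO_REUSEADDR. Assumptions: Linux (where all of 127.0.0.0/8 is local), two loopback addresses standing in for the two service IPs, and a kernel-chosen unprivileged port in place of the DHCP server port.

```python
import errno
import socket


def bind_udp(addr, port=0):
    """Bind a UDP socket to one specific local address, without SO_REUSEADDR."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.settimeout(2.0)
    try:
        s.bind((addr, port))
    except OSError:
        s.close()
        raise
    return s


def demo():
    # Constructed setup: 127.0.0.1 and 127.0.0.2 stand in for the two service IPs.
    a = bind_udp("127.0.0.1")          # listener A, kernel picks a free port
    port = a.getsockname()[1]
    b = bind_udp("127.0.0.2", port)    # listener B, same port, different address
    client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        client.sendto(b"for-A", ("127.0.0.1", port))
        client.sendto(b"for-B", ("127.0.0.2", port))
        got_a = a.recvfrom(64)[0]      # delivery is decided by destination address
        got_b = b.recvfrom(64)[0]
        # A third listener on an address:port that is already bound is refused.
        try:
            bind_udp("127.0.0.1", port).close()
            conflict = None
        except OSError as exc:
            conflict = exc.errno
        return got_a, got_b, conflict
    finally:
        for s in (a, b, client):
            s.close()


if __name__ == "__main__":
    print(demo())
```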




