Virtual Servers on 127.0.0.2

Alan DeKok aland at deployingradius.com
Mon Sep 23 21:36:36 CEST 2019


On Sep 23, 2019, at 3:32 PM, Matthew Schumacher <matt.s at aptalaska.net> wrote:
> 
> I must be missing something.  I'm building some monitoring to test various virtual servers with:
> 
> client 127.0.0.1 {
>         secret          = testing
>         virtual_server  = serverA
> }
> 
> client 127.0.0.2 {
>         secret          = testing
>         virtual_server  = serverB
> }
> 
> But when I use radtest, only serverA responds regardless of which address I use.  I can see in tcpdump the packet is sourced from the alternate IP.

  IPs are just IPs.  The server doesn't really do anything magic with them.

>  In the logs, I see:
> 
> (9) Received Access-Request Id 182 from 127.0.0.1:33603 to 127.0.0.2:1812 length 80

  127.0.0.1 is the client IP.  127.0.0.2 is the server IP.

  So you've *also* configured the server to listen on 127.0.0.2.

> So the server knows the correct address, but then later down:
> 
> (9) Login OK: [testuser] (from client 127.0.0.1 port 1)
> (9) Sent Access-Accept Id 182 from 127.0.0.2:1812 to 127.0.0.1:33603 length 0

  Yes, FROM server address TO client address.  That's fine.

> It seems radiusd aggregates these addresses.  Is this by design?

  It doesn't get IP addresses confused.

  Alan DeKok.




More information about the Freeradius-Users mailing list