Preventing proxy loops
Alan DeKok
aland at deployingradius.com
Tue Sep 1 13:51:10 CEST 2020
On Sep 1, 2020, at 5:19 AM, Arnaud LAURIOU <arnaud.lauriou at renater.fr> wrote:
>
> We have freeRADIUS proxies dedicated to eduroam, version 3.0.21.
>
> Some of our clients are sending us Access-Request ... with their realm.
> We forward them to their home_server
Why?
The only packets you should get from Eduroam are ones for your realm. All other packets should be rejected immediately.
if (Realm != "renate.fr) {
reject
}
If they're sending packets for their realm to you, then you have no obligation to be polite. Don't send the packets back. Just reject them.
Their users will complain that they can't get online. They will then fix the issue.
Alan DeKok.
More information about the Freeradius-Users
mailing list