Freeradius 3.x - CoA proxy and dynamic-client
Alex
allexander.alex at gmail.com
Tue Sep 1 14:04:15 CEST 2020
Il giorno mar 1 set 2020 alle ore 13:57 Alan DeKok <
aland at deployingradius.com> ha scritto:
> On Sep 1, 2020, at 7:50 AM, Alex <allexander.alex at gmail.com> wrote:
> > My scenario is like this
> >
> >
> > Client ----- proxy (FR 3.x) ------ AAA (FR 3.x)
> >
> > |----------------- COA generator (Java)
> >
> >
> > So, I have a proxy frontend with dynamc-clients virtualserver wich
> forwards
> > the authentication and accounting requests to the backend via realm
> module.
> > this is working like a charm.
>
> That's good.
>
> > I would like to use also coa requests to the client. this requests are
> > generated by a java software, then they should be proxied by the frontend
> > and forwarded to the client.
>
> Why? Why not just send them directly to the client?
>
> The client only knows that the packet came from the IP of the proxy, and
> has the correct shared secret. The client doesn't know that the packet was
> sent by FreeRADIUS, or by a separate application.
>
the java module is outside the network. the network is segmented, so java
module cannot talk directly to the clients. it's also a requirement to
preserve it.
> > from my understanding the realm module needs a static client definition
> to
> > proxy the coa requests, but this is not applicable to my scenario.
>
> v3 doesn't support dynamic home servers.
>
are they supported in version 2? i can change the fronted version as i like.
>
> > so now I'm trying to find some kind of workaround, but i'm not able to
> find
> > any documentation on known pattern on the documentation.
> >
> > is someone facing the same problem or had solved it in the past?
>
> Just use "radclient" to send packets directly to the client.
>
> Alan DeKok
thank you and best regards
Alex
More information about the Freeradius-Users
mailing list