free radius behind a load balancer?

Alan DeKok aland at deployingradius.com
Thu Jan 14 17:30:02 CET 2021


On Jan 14, 2021, at 11:25 AM, Coy Hile <coy.hile at coyhile.com> wrote:
> How do you mean? What specific things did you have to do for that to happen? (What I’ve seen is the NATed IP come through as the Packet-Src-IP-Address, rather than the machine from whence I was testing.)

  That's a bad load balancer then.

  You want either a ethernet layer load balancer, which doesn't muck with the IP headers.  Or, you want a RADIUS aware load balancer, which does the right things for RADIUS.

  What you have is a generic UDP load balancer.  It receives UDP packets, and then re-sends them to the RADIUS server.  You just can't do this with RADIUS.  As you've seen, all packets will appear to come from the load balancer.

  It might "work", in that packets will go back and forth.  But it won't be what you want.

  So... what are you using for the UDP layer load balancer?

  Alan DeKok.




More information about the Freeradius-Users mailing list