Accept PROXY protocol

Alan DeKok aland at deployingradius.com
Fri Jul 30 16:05:38 CEST 2021


On Jul 22, 2021, at 8:41 AM, Alan DeKok <aland at deployingradius.com> wrote:
> 
>  TBH, it's probably not too hard to add support for this.

https://github.com/FreeRADIUS/freeradius-server/commit/54c5ec1da6396bad2ab482fbdb33ac6ebf86feaa

>  Right now, the server core assumes that the TCP connection IP/port is where the data comes from.  So it would have to separate the TCP connection from the client connection information.
> 
>  It's probably less than 1000 lines of code to add this for TCP/TLS connections.  But the developers are largely booked with a ton of other things, so this is on the "nice, but perhaps one day" list.

$ git diff 2f2db87b0 src/main/tls_listen.c  | wc -l
     298

  So that's nice.  :)

  For anyone who wants PROXY protocol support, please try v3.0.x.  Please also suggest documentation updates, specifically comments on configuring haproxy.

  Alan DeKok.




More information about the Freeradius-Users mailing list