Accept PROXY protocol
aland at deployingradius.com
Fri Jul 30 16:05:38 CEST 2021
On Jul 22, 2021, at 8:41 AM, Alan DeKok <aland at deployingradius.com> wrote:
> TBH, it's probably not too hard to add support for this.
> Right now, the server core assumes that the TCP connection IP/port is where the data comes from. So it would have to separate the TCP connection from the client connection information.
> It's probably less than 1000 lines of code to add this for TCP/TLS connections. But the developers are largely booked with a ton of other things, so this is on the "nice, but perhaps one day" list.
$ git diff 2f2db87b0 src/main/tls_listen.c | wc -l
So that's nice. :)
For anyone who wants PROXY protocol support, please try v3.0.x. Please also suggest documentation updates, specifically comments on configuring haproxy.
More information about the Freeradius-Users