(RADIATOR) Proxy Radius

Brian CHNG Sing Yong brianc at starhub.com
Thu May 13 19:44:04 CDT 2004 

Thanks Hugh

For my case, the IP address was already assigned at the GPRS network, the
GGSN will only send accounting packets to Radiator server which will contain
the Framed-IP-Address. I'll test out the solution from you. Thanks a lot.

Regards
Brian


-----Original Message-----
From: Hugh Irvine [mailto:hugh at open.com.au]
Sent: Friday, May 14, 2004 8:01 AM
To: Brian CHNG Sing Yong
Cc: radiator at open.com.au
Subject: Re: (RADIATOR) Proxy Radius



Hello Brian -

The Framed-IP-Address is usually (although not always) assigned after 
the radius authentication happens.

You will need to check a trace 4 debug to verify the contents of the 
access requests.

If the access requests do contain the Framed-IP-Address, you can do 
something like this:

<Handler Framed-IP-Address = /^10.1.1/>
	.....
</Handler>

<Handler Framed-IP-Address = /^10.1.2/>
	.....
</Handler>

regards

Hugh


On 13 May 2004, at 14:00, Brian CHNG Sing Yong wrote:

> Hi
>
>  Sorry, I think my question wasn't clear enough.
>
> If I'm not wrong the solution below allows me to forward the 
> authentication/accounting packet to pre-defined proxy host based on 
> the RAS Client.
>
> The situation is I'm using Radiator in a GPRS network environment, the 
> client is the handset and is assigned with a range of IP pool 
> depending on which APN they are using, so I need to filter by these IP 
> pool and proxy the request to pre-defined proxy host.
>
> For example
> IP Pool 10.1.1.0/24 handset IP coming from RAS Client 10.2.1.1, proxy 
> request to 15.1.1.1 ( Radius Server )
>
> IP Pool 10.1.2.0/24 handset IP coming from RAS Client 10.2.1.1, proxy 
> request to 15.1.1.2 ( Radius Server )
>
> Regards
> Brian
>
>
>
>
> -----Original Message-----
> From: Hugh Irvine [mailto:hugh at open.com.au]
> Sent: Thursday, May 13, 2004 11:39 AM
> To: Brian CHNG Sing Yong
> Cc: radiator at open.com.au
> Subject: Re: (RADIATOR) Proxy Radius
>
>
>
>
> Hello Brian -
>
> Something like this:
>
> <Client 10.1.1.1>
>         Identifier ProxyRadius1
>         .....
> </Client>
>
> <Client 10.1.1.2>
>         Identifier ProxyRadius1
>         .....
> </Client>
>
> .....
>
> <Client 10.1.2.1>
>         Identifier ProxyRadius2
>         .....
> </Client>
>
> <Client 10.1.2.2>
>         Identifier ProxyRadius2
>         .....
> </Client>
>
> .....
>
> <Handler Client-Identifier = ProxyRadius1>
>         <AuthBy RADIUS>
>                 .....
>         </AuthBy>
>         .....
> </Handler>
>
> <Handler Client-Identifier = ProxyRadius2>
>         <AuthBy RADIUS>
>                 .....
>         </AuthBy>
>         .....
> </Handler>
>
> .....
>
> regards
>
> Hugh
>
>
>
> On 13 May 2004, at 12:46, Brian CHNG Sing Yong wrote:
>
> > Hi
> >
> > Would it be possible to do remote proxying to predefined list of 
> proxy
> > host based on the FRAMED IP ADDRESS ? If so how can I do it ?
> >
> > Example
> > Client IP Range : 10.1.1.0 netmask 255.255.255.0 forward
> > authenication/accounting packets to Proxy Radius 1
> > Client IP Range : 10.1.2.0 netmask 255.255.255.0 forward
> > authenication/accounting packets to Proxy Radius 2
> >
> > Regards
> > Brian
> >
> >
> >
> >
> > This email is confidential and privileged.  If you are not the
> > intended recipient, you must not view, disseminate, use or copy this
> > email. Kindly notify the sender immediately, and delete this email
> > from your system. Thank you.
> >
> > Please visit our website at www.starhub.com
> >
>
> NB: have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
>
> -- 
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
> -
> CATool: Private Certificate Authority for Unix and Unix-like systems.
>
> This email is confidential and privileged.  If you are not the 
> intended recipient, you must not view, disseminate, use or copy this 
> email. Kindly notify the sender immediately, and delete this email 
> from your system. Thank you.
>
> Please visit our website at www.starhub.com
>

NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.

This email is confidential and privileged.  If you are not the intended
recipient, you must not view, disseminate, use or copy this email. Kindly
notify the sender immediately, and delete this email from your system. Thank
you.

Please visit our website at www.starhub.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.open.com.au/pipermail/radiator/attachments/20040514/5db07fe1/attachment.html>

More information about the radiator mailing list