[RADIATOR] IPv6 equivalent to 0.0.0.0

Heikki Vatiainen hvn at open.com.au
Fri Jun 21 10:49:39 CDT 2013


On 06/21/2013 04:06 PM, Mueller, Jason C wrote:
> I am trying to enable IPv6 on Radiator 4.11.

See the reference manual section "5.5 Address binding" for more
information, but in short by default in Linux:
- BindAddress ipv6::: allows the socket to receive *both* IPv4 and IPv6
UDP packets
- BindAddress 0.0.0.0 is for IPv4 only
- Using BindAddress 0.0.0.0,ipv6::: does not work since no matter which
order the wildcard addresses are listed, the IPv4 wildcard is tried to
be used twice

The reason and solution are described here:
http://tools.ietf.org/html/rfc3493#section-5.3

  "When this option is turned on,
   the socket can be used to send and receive IPv6 packets only."

The option is IPV6_V6ONLY and the system default can be switched from
(off) to on like this:

# echo 1 > /proc/sys/net/ipv6/bindv6only
or
% sudo sysctl net.ipv6.bindv6only=1

Once you do this, you can have
BindAddress 0.0.0.0,ipv6:::
or
BindAddress ipv6:::,0.0.0.0

because there's no more magic related to the different address families
in the wildcard anymore.


> When using the BindAddress configuration parameter, I have to specify an IPv6 address. When I specify an address that is in use by the local system, Radiator successfully binds to the IPv6 address. For example, I have a line like this in my radius.cfg file which does work:
> BindAddress 0.0.0.0,ipv6:2620:0:e50:200::5
> 
> However, I would prefer to use an IPv6 equivalent to IPv4's 0.0.0.0. The reason is that I would like the same configuration file to work across multiple systems. This simplifies management and allows for easy synchronization.
> 
> I have tried ipv6:::, but that did not work.

Actually it should work if you do this:
BindAddress ipv6:::
since ipv6::: will take care of both address families.

> I also tried putting in a list of IPv6 addresses for each of the systems, thinking that it would successfully bind only to the IPv6 address locally configured and ignore the rest, but Radiator refuses to bind to any IPv6 addresses if there is a list of IPv6 addresses and one of them does not exist locally. For example, the following fails on a system configured with 2620:0:e50:200::5, because the address 2620:0:e50:300::5 does not exist on the system:
> BindAddress 0.0.0.0,ipv6:2620:0:e50:200::5,ipv6:2620:0:e50:300::5

That's correct. If the address is non-wildcard, the bind must succeed
currently.

> I am hoping that someone has an IPv6 equivalent to 0.0.0.0 that works with Radiator. If not, any ideas that can help me keep the same config file across multiple systems when using IPv6 (like I can do with IPv4) would be appreciated.

I think the most clear option is to turn on IPV6_V6ONLY and then use
BindAddress 0.0.0.0,ipv6:::. Then both IPv4 and IPv6 can be treated as
completely different protocols which they in practice pretty much are.

However, the system defaults with BindAddress ipv6::: will take care of
IPv4 and IPv6 messages received by any address the host has.

Thanks,
Heikki

-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
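
The wildcard behaviour described in the reply above can be observed directly on a Linux host with a short probe. This is an added example, not part of the original post and not Radiator code; the function name probe, the ephemeral UDP port and the loopback test datagram are assumptions made for the illustration.

```python
import errno
import socket


def probe(v6only):
    """Bind UDP [::] with IPV6_V6ONLY as given, then try 0.0.0.0 on the same port.

    Returns None when the host has no usable IPv6, else a dict of observations.
    """
    try:
        s6 = socket.socket(socket.AF_INET6, socket.SOCK_DGRAM)
    except OSError:
        return None
    s4 = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    tx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        # Per-socket override of the net.ipv6.bindv6only system default.
        s6.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, int(v6only))
        try:
            s6.bind(("::", 0))  # port 0: let the kernel pick a free port
        except OSError:
            return None
        port = s6.getsockname()[1]
        listeners = [("v6", s6)]
        try:
            s4.bind(("0.0.0.0", port))
            v4_bind = "ok"
            listeners.append(("v4", s4))
        except OSError as e:
            v4_bind = errno.errorcode.get(e.errno, str(e.errno))
        # Send one IPv4 datagram and record which bound socket receives it.
        try:
            tx.sendto(b"probe", ("127.0.0.1", port))
        except OSError:
            pass
        seen = {"v6": None, "v4": None}
        for name, sock in listeners:
            sock.settimeout(0.5)
            try:
                seen[name] = sock.recvfrom(64)[1][0]  # sender address
            except OSError:
                pass  # timeout: this socket did not get the datagram
        return {"v4_bind": v4_bind, "ipv4_seen_by": seen}
    finally:
        for s in (s6, s4, tx):
            s.close()


if __name__ == "__main__":
    print("IPV6_V6ONLY off:", probe(False))
    print("IPV6_V6ONLY on: ", probe(True))
```

With the option off, the second bind is refused and the IPv4 datagram arrives on the IPv6 socket with an IPv4-mapped sender address (::ffff:127.0.0.1), which is the form an application doing address-based peer checks receives from the socket. With the option on, both binds succeed and the IPv4 datagram reaches only the 0.0.0.0 socket.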

