(RADIATOR) Source IP on reply packet
José Borges Ferreira
jcbf at tucha.no-ip.com
Wed Feb 11 12:39:56 CST 2004
Hi,
I've recently set up a Radiator server on a RH Linux 9 box running
Radiator 3.7.1 and a web server. So far so good, but I
have a somewhat complex network setup.
I have multiple interfaces and receive traffic from all of them. Since I
don't know from which hosts I will be reaching my server, I implemented
source-based routing using iproute.
The setup per interface is something like this:
echo 200 int_admin >> /etc/iproute2/rt_tables
ip route flush table int_admin
ip route add default via 10.12.1.11 dev eth0.65 table int_admin
ip rule add from 10.12.1.11 table int_admin
ip route flush cache
I've tested the web server and it works fine.
When I try RADIUS it fails.
After some debugging I found that the major difference between them is
that web is TCP and RADIUS is UDP (obvious).
On the web server the source IP of the response packets
is the same as the destination IP of the initial request. On
Radiator the source IP of the authentication-response packet is the
IP of the interface matching a routing rule (usually the default gateway).
The possible solutions are:
* Binding a Radiator to every interface (only possible by running an
extra radiusd process?!)
* Adding a static route for every RADIUS client (can cause asymmetric
routing and fail firewall state)
* Adding code similar to the LocalAddress directive in AuthRADIUS to
force the source IP of the response packet.
Any ideas?!
Best regards,
José Borges Ferreira
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
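The third option in the post, forcing the source IP of the reply, can be done per datagram on Linux with IP_PKTINFO on a wildcard-bound UDP socket. The sketch below is an added example, not part of the original post and not Radiator code; the function names, the echo payload and the 127.0.0.2 loopback address are constructed for the demonstration.

```c
#define _GNU_SOURCE                      /* struct in_pktinfo on glibc */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Receive one datagram and echo it back. With fix_source set, the reply is
 * sent from the address the request was addressed TO (from IP_PKTINFO). */
static int reply(int srv, int fix_source)
{
    union { char b[CMSG_SPACE(sizeof(struct in_pktinfo))]; struct cmsghdr h; } cb;
    char buf[512];
    struct sockaddr_in peer;
    struct iovec iov = { .iov_base = buf, .iov_len = sizeof buf };
    struct msghdr m = { .msg_name = &peer, .msg_namelen = sizeof peer, .msg_iov = &iov,
                        .msg_iovlen = 1, .msg_control = cb.b, .msg_controllen = sizeof cb.b };
    ssize_t n = recvmsg(srv, &m, 0);
    if (n < 0) return -1;
    iov.iov_len = (size_t)n;
    struct cmsghdr *c = CMSG_FIRSTHDR(&m);
    if (fix_source && c && c->cmsg_level == IPPROTO_IP && c->cmsg_type == IP_PKTINFO) {
        struct in_pktinfo *pi = (struct in_pktinfo *)CMSG_DATA(c);
        pi->ipi_spec_dst = pi->ipi_addr; /* request destination -> reply source */
        pi->ipi_ifindex = 0;             /* let the "ip rule from" lookup pick the device */
    } else {
        m.msg_control = NULL; m.msg_controllen = 0;   /* kernel picks the source by route */
    }
    return sendmsg(srv, &m, 0) < 0 ? -1 : 0;
}

/* Constructed loopback test: the request goes to 127.0.0.2. Returns 1 if the
 * reply's source is 127.0.0.2 too, 0 if the kernel chose another address. */
int reply_source_matches(int fix_source)
{
    int on = 1, srv = socket(AF_INET, SOCK_DGRAM, 0), cli = socket(AF_INET, SOCK_DGRAM, 0);
    struct sockaddr_in a = { .sin_family = AF_INET }, from;   /* 0.0.0.0, port 0 */
    socklen_t al = sizeof a, fl = sizeof from;
    char r[8];
    setsockopt(srv, IPPROTO_IP, IP_PKTINFO, &on, sizeof on);
    if (bind(srv, (struct sockaddr *)&a, sizeof a) < 0) return -1;
    getsockname(srv, (struct sockaddr *)&a, &al);             /* learn the port */
    a.sin_addr.s_addr = inet_addr("127.0.0.2");
    sendto(cli, "ping", 4, 0, (struct sockaddr *)&a, sizeof a);
    if (reply(srv, fix_source) < 0) return -1;
    recvfrom(cli, r, sizeof r, 0, (struct sockaddr *)&from, &fl);
    close(srv); close(cli);
    return from.sin_addr.s_addr == a.sin_addr.s_addr;
}
int main(void) { printf("plain: %d\n", reply_source_matches(0));
                 printf("pktinfo: %d\n", reply_source_matches(1)); return 0; }
```

A RADIUS client that checks the source address of the response would drop the reply in the plain case and accept it in the IP_PKTINFO case.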