[RADIATOR] BindAddress question

Alexander Hartmaier alexander.hartmaier at t-systems.at
Tue Jun 14 03:45:04 CDT 2011 

Does this mean that we can't bind to IPv4 and IPv6 separately on Linux
to not get v6 mapped v4 addresses?

Am 2011-06-09 19:50, schrieb Heikki Vatiainen:
> On 06/09/2011 05:37 PM, Dyonisius Visser wrote:
>> Well, I installed a second instance on a dual stack host, and I tested
>> various combinations:
> Thanks for the summary.
>
>> BindAddress 192.87.30.31,ipv6:2001:610:148:dead::31
>>      I.e. hardcoded addresses - this works, both IPv4 and IPv6 clients work
>>
>> BindAddress ipv6:::
>>     IPv4 blocked (NOTICE: Request from unknown client 192.87.30.32: ignored)
> This should work if you specify your client like this:
>
> <Client ipv6:::ffff:192.87.30.32>
>
> Since the request arrived over IPv4 but was delivered to the application
> by IPv6 wildcard socket, the IPv4 address is presented as an IPv6
> address. See
>
> http://tools.ietf.org/html/rfc4291#section-2.5.5
>
> section "2.5.5.2. IPv4-Mapped IPv6 Address". The purpose of this mapping
> is to let the application to know was the message received over IPv6 or
> IPv4 since the socket can handle both protocols.
>
>
>> BindAddress 0.0.0.0
>>    This is the default. IPv4 clients work. IPv6 clients DO NOT work,
>> and worse, nothing is logged by radiator, no "request from unknown
>> client 2001:610:blah:blah"
>>
>> BindAddress ipv6:::,0.0.0.0
>>    Startup gives some errors, and only IPv6 works:
>> Thu Jun  9 16:25:54 2011: DEBUG: Finished reading configuration file
>> '/etc/radiator/radius.cfg'
>> Thu Jun  9 16:25:54 2011: DEBUG: Reading dictionary file
>> '/etc/radiator/db/dictionary'
>> Thu Jun  9 16:25:54 2011: DEBUG: Creating authentication port ipv6::::1812
>> Thu Jun  9 16:25:54 2011: DEBUG: Creating accounting port ipv6::::1813
>> Thu Jun  9 16:25:54 2011: DEBUG: Creating authentication port 0.0.0.0:1812
>> Thu Jun  9 16:25:54 2011: ERR: Could not bind authentication socket:
>> Address already in use
>> Thu Jun  9 16:25:54 2011: DEBUG: Creating accounting port 0.0.0.0:1813
>> Thu Jun  9 16:25:54 2011: ERR: Could not bind accounting socket:
>> Address already in use
>> Thu Jun  9 16:25:54 2011: NOTICE: Server started: Radiator 4.8 on radius
>> Thu Jun  9 16:25:55 2011: NOTICE: Request from unknown client
>> 145.100.98.42: ignored
>>
>> BindAddress 0.0.0.0,ipv6:::
>>    Also some errors, only IPv4 works, and also nothing logged when an
>> IPv6 client connects:
>> Thu Jun  9 16:27:42 2011: DEBUG: Finished reading configuration file
>> '/etc/radiator/radius.cfg'
>> Thu Jun  9 16:27:42 2011: DEBUG: Reading dictionary file
>> '/etc/radiator/db/dictionary'
>> Thu Jun  9 16:27:42 2011: DEBUG: Creating authentication port 0.0.0.0:1812
>> Thu Jun  9 16:27:42 2011: DEBUG: Creating accounting port 0.0.0.0:1813
>> Thu Jun  9 16:27:42 2011: DEBUG: Creating authentication port ipv6::::1812
>> Thu Jun  9 16:27:42 2011: ERR: Could not bind authentication socket:
>> Address already in use
>> Thu Jun  9 16:27:42 2011: DEBUG: Creating accounting port ipv6::::1813
>> Thu Jun  9 16:27:42 2011: ERR: Could not bind accounting socket:
>> Address already in use
>> Thu Jun  9 16:27:42 2011: NOTICE: Server started: Radiator 4.8 on radius
>>
>>
>> So the only way I can radiator to accept requests from both protocols,
>> is to hardcode the interface addresses.
>>
>> Would it be possible to have radiator listen to 4+6 without hard coding?
>>
>> I think that option (whatever it looks like) should be the default.
>>
>> If possible, can the behavior of the current default ('BindAddress
>> 0.0.0.0') be changed so that it actually logs ignored incoming
>> requests?
>> I've spend quite some time figuring out what is going on, and only
>> tcpdump revealed that requests are actually reaching my box.
>>
>> Thanks :-)
>>
>

*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
T-Systems Austria GesmbH   Rennweg 97-99, 1030 Wien
Handelsgericht Wien, FN 79340b
*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
Notice: This e-mail contains information that is confidential and may be privileged.
If you are not the intended recipient, please notify the sender and then
delete this e-mail immediately.
*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*

More information about the radiator mailing list