[RADIATOR] IPv6 equivalent to 0.0.0.0

Fri Jun 21 12:25:32 CDT 2013

Heikki,

That works. Thanks for the info, as I did not find it in the reference manual. I just looked, and my reference manual is a PDF from 2008. I will update ASAP.

Thanks again.

-Jason

On Jun 21, 2013, at 10:49 AM, Heikki Vatiainen <hvn at open.com.au> wrote:

> On 06/21/2013 04:06 PM, Mueller, Jason C wrote:
>> I am trying to enable IPv6 on Radiator 4.11.
> 
> See the reference manual section "5.5 Address binding" for more
> information, but in short by default in Linux:
> - BindAddress ipv6::: allows the socket to receive *both* IPv4 and IPv6
> UDP packets
> - BindAddress 0.0.0.0 is for IPv4 only
> - Using BindAddress 0.0.0.0,ipv6::: does not work since no matter which
> order the wildcard addresses are listed, the IPv4 wildcard is tried to
> be used twice
> 
> The reason and solution are described here:
> http://tools.ietf.org/html/rfc3493#section-5.3
> 
>  "When this option is turned on,
>   the socket can be used to send and receive IPv6 packets only."
> 
> The option is IPV6_V6ONLY and the system default can be switched from
> (off) to on like this:
> 
> # echo 1 > /proc/sys/net/ipv6/bindv6only
> or
> % sudo sysctl net.ipv6.bindv6only=1
> 
> Once you do this, you can have
> BindAddress 0.0.0.0,ipv6:::
> or
> BindAddress ipv6:::0.0.0.0
> 
> because there's no more magic related to the different address families
> in the wildcard anymore.
> 
> 
>> When using the BindAddress configuration parameter, I have to specify an IPv6 address. When I specify an address that is in use by the local system, Radiator successfully binds to the IPv6 address. For example, I have a line like this in my radius.cfg file which does work:
>> BindAddress 0.0.0.0,ipv6:2620:0:e50:200::5
>> 
>> However, I would prefer to use an IPv6 equivalent to IPv4's 0.0.0.0. The reason is that I would like the same configuration file to work across multiple systems. This simplifies management and allows for easy synchronization.
>> 
>> I have tried ipv6:::, but that did not work.
> 
> Actually it should work if you do this:
> BindAddress ipv6:::
> since ipv6::: will take care of both address families.
> 
>> I also tried putting in a list of IPv6 addresses for each of the systems, thinking that it would successfully bind only to the IPv6 address locally configured and ignore the rest, but Radiator refuses to bind to any IPv6 addresses if there is a list of IPv6 addresses and one of them does not exist locally. For example, the following fails on a system configured with 2620:0:e50:200::5, because the address 2620:0:e50:300::5 does not exist on the system:
>> BindAddress 0.0.0.0,ipv6:2620:0:e50:200::5,ipv6:2620:0:e50:300::5
> 
> That's correct. If the address is non-wildcard, the bind must succeed
> currently.
> 
>> I am hoping that someone has an IPv6 equivalent to 0.0.0.0 that works with Radiator. If not, any ideas that can help me keep the same config file across multiple systems when using IPv6 (like I can do with IPv4) would be appreciated.
> 
> I think the most clear option is to turn on IPV6_V6ONLY and then use
> BindAddress 0.0.0.0,ipv6:::. Then both IPv4 and IPv6 can be treated as
> completely different protocols which they in practice pretty much are.
> 
> However, the system defaults with BindAddress ipv6::: will take care of
> IPv4 and IPv6 messages received by any address the host has.
> 
> Thanks,
> Heikki
> 
> -- 
> Heikki Vatiainen <hvn at open.com.au>
> 
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
> TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
> DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
> NetWare etc.
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator