[RADIATOR] ipv6::: bind results in no match on IPv4 client

Mueller, Jason C jason-mueller at uiowa.edu
Thu Jun 27 15:01:14 CDT 2013 

For the sake of testing out whether making the BindAddress look as you suggested might help, I went ahead and did as you suggested. My Bind Address now looks like this:
BindAddress ipv6:::, 0.0.0.0

I was thinking that there just might be a chance that Radiator would need the "0.0.0.0" value to tell Radiator itself something that allowed it to match IPv4 requests against the Client statements correctly. No go.

As expected (due to the IPv6 config file bindv6only value being set to 0), an error was sent to the Radiator log, when it tried to bind 0.0.0.0. This is because it was already implicitly bound to 0.0.0.0 by the ipv6::: parameter. However, the inability to match on IPv4 client statements persists. In the log below, I *do not* have a DEFAULT client set. As I indicated previously, if I create a DEFAULT client, then all IPv4 RADIUS dialogues are processed using the DEFAULT client stanza.

Here is the log:
Thu Jun 27 14:35:47 2013: DEBUG: Finished reading configuration file '/etc/radiator/radius.cfg'
Thu Jun 27 14:35:47 2013: DEBUG: Reading dictionary file '/etc/radiator/dictionary'
Thu Jun 27 14:35:47 2013: DEBUG: Creating authentication port ipv6::::1812
Thu Jun 27 14:35:47 2013: DEBUG: Creating accounting port ipv6::::1813
Thu Jun 27 14:35:47 2013: DEBUG: Creating authentication port 0.0.0.0:1812
Thu Jun 27 14:35:47 2013: ERR: Could not bind authentication socket: Address already in use
Thu Jun 27 14:35:47 2013: DEBUG: Creating accounting port 0.0.0.0:1813
Thu Jun 27 14:35:47 2013: ERR: Could not bind accounting socket: Address already in use
Thu Jun 27 14:35:47 2013: NOTICE: Server started: Radiator 4.11 on thing-1.its.uiowa.edu
Thu Jun 27 14:36:11 2013: NOTICE: Request from unknown client 128.255.100.70: ignored
Thu Jun 27 14:36:12 2013: NOTICE: Request from unknown client 128.255.100.70: ignored
Thu Jun 27 14:36:13 2013: NOTICE: Request from unknown client 128.255.100.70: ignored

Quick summary again, when using ipv6::: and bindv6only set to 0:
* Both IPv4 and IPv6 traffic gets to Radiator
* IPv6 works with everything I have tried
* IPv4 clients will not match on the proper client stanza, only the DEFAULT client stanza

Let me know if you have any more questions. I hope that helps to clarify the issue. I would appreciate any help in resolving it. 

Thanks.

-Jason



On Jun 27, 2013, at 8:07 AM, "Mueller, Jason C" <jason-mueller at uiowa.edu> wrote:

> Hugh,
> 
> 
>> According to section 5.5 in the Radiator 4.11 reference manual ("doc/ref.pdf") you need to specify both ipv6 and ipv4 like this:
>> 
>> 
>> BindAddress  ipv6:::, 0.0.0.0
> 
> That syntax doesn't work on my system. The issue is not with the binding statement. I am able to receive both IPv4 and IPv6 RADIUS traffic on the system. As pointed out in a previous thread where I had a question about the bind statement, whether or not you need to include the 0.0.0.0 portion is dependent on the IP stack implementation on your system. On the system I am working on, if I add the 0.0.0.0, I will get an error.
> 
> Radiator receives the IPv4 requests just find with my binding set to "ipv6:::". In fact, Radiator processes the IPv4 requests using the DEFAULT client stanza, as I indicated.
> 
> It seems to me that this is an issue where Radiator does not match on IPv4 client stanzas when specifying a bind of "ipv6:::", which is a legitimate binding statement that results in IPv4 traffic also working.
> 
> To summarize again, with my current config, IPv4 traffic works just fine, only the matching for IPv4 clients doesn't work. This seems like a bug in Radiator.
> 
> 
>> Hint: Linux also has a special file to control the system wide behaviour: /proc/sys/net/ipv6/bindv6only
> 
> We have separation of duties here, and I may or may not be able to convince the administrator of the operating system to change this file. By changing this, I could add the 0.0.0.0 parameter to the BindAddress statement, but as indicated above, it is not necessary in order to receive IPv4 traffic. That is already working, and the administrator of the system will likely point that out.
> 
> 
>> Hint: In order to support IPV6 address, you must install the Perl Socket6 module.
> 
> This is already done, or the IPv6 client would not have worked, and it does.
> 
> Any thoughts on why Radiator doesn't match properly?
> 
> Thanks.
> 
> -Jason
> 
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator

More information about the radiator mailing list