[RADIATOR] ipv6::: bind results in no match on IPv4 client

Heikki Vatiainen hvn at open.com.au
Fri Jun 28 09:38:47 CDT 2013


On 06/28/2013 03:17 PM, Mueller, Jason C wrote:

> I am still using ipv6:::, since I have not yet convinced system administrators to change the bindv6only attribute to 1.
> 
> The example above (which a couple of others also suggested) works for a single address (i.e., ipv6:::ffff:128.255.90.90). However, it does not look like you support CIDR notation for IPv6, which you do support for IPv4. I need the support of CIDR notation to avoid putting in many hundreds of client entries.

That's correct. The current CIDR notation is for IPv4 only.

I took an initial look at setting IPV6_V6ONLY for the listen socket
so that the option could be set or unset no matter what the system
default is. This would require a setsockopt() call, but it seems that
the availability of IPV6_V6ONLY is not guaranteed with older Perls.

For example, I needed to use this in ServerRADIUS.pm:
setsockopt($s, Socket::IPPROTO_IPV6, 26, 1);

on Perl 5.14.2 and Ubuntu 12.04. This works, but I'd rather use a name
than bare 26 for IPV6_V6ONLY. Though I did not investigate this more at
this point.

> Any help is appreciated.

Turning off the system default would be the easiest. Adding a setsockopt
locally could fix it quickly too, but would mean there's the local
maintenance overhead with it.

CIDR support for IPv6 would require much more work. Adding the
possibility for setsockopt in Radiator should be doable after some
consideration of how to handle it with the systems that do not support it
or do not provide the option name.

Thanks,
Heikki


-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
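
Added example (not part of the original message and not Radiator code): on a dual-stack listen socket an IPv4 client arrives as an IPv4-mapped address such as ::ffff:128.255.90.90, so one way to keep CIDR client entries matching is to unwrap the mapped form before the lookup. It is written in Python, goes beyond the message by also matching IPv6 CIDR entries, and the client table, entry names and function names are constructed for illustration.

```python
import ipaddress

# Constructed client table: CIDR entry -> client name (illustrative only).
CLIENTS = {
    "128.255.0.0/16": "campus",
    "128.255.90.0/24": "nas-subnet",
    "2001:db8:10::/48": "v6-nas",
}

def normalize_addr(peer):
    """Parse a peer address; unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) to IPv4."""
    addr = ipaddress.ip_address(peer.split("%", 1)[0])  # drop any zone id
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr

def normalize_net(cidr):
    """Parse a CIDR entry; rewrite a mapped entry (::ffff:a.b.c.d/96+n) as IPv4/n."""
    net = ipaddress.ip_network(cidr, strict=False)
    mapped = net.network_address.ipv4_mapped if net.version == 6 else None
    if mapped is not None and net.prefixlen >= 96:
        return ipaddress.IPv4Network((int(mapped), net.prefixlen - 96), strict=False)
    return net

def match_client(peer, clients=CLIENTS):
    """Return the name of the most specific entry containing peer, or None."""
    addr = normalize_addr(peer)
    best_len, best_name = -1, None
    for cidr, name in clients.items():
        net = normalize_net(cidr)
        # Compare only within one address family; longest prefix wins.
        if net.version == addr.version and addr in net and net.prefixlen > best_len:
            best_len, best_name = net.prefixlen, name
    return best_name

if __name__ == "__main__":
    for peer in ("::ffff:128.255.90.90", "128.255.1.1", "2001:db8:10:1::5", "::ffff:10.0.0.1"):
        print(peer, "->", match_client(peer))
```

An address that matches no entry returns None, so the caller can reject the request instead of falling through to a default client.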

