[RADIATOR] ipv6::: bind results in no match on IPv4 client
Mueller, Jason C
jason-mueller at uiowa.edu
Fri Jun 28 11:56:04 CDT 2013
Thanks for the information. I am still working on changing the system IPv6 default. I have currently relented to specifying every individual IP address that needs to listen for RADIUS across the set of systems running Radiator (both v4 and v6), and I will just live with the binding errors when Radiator starts. The reason is that the Radiator config is managed in a single file that is pushed to multiple systems to ensure consistency of the config. Works great, until trying to support IPv6. Living with the startup errors makes me cringe, but I don't expect success in getting the default changed. At least that gets me CIDR support for IPv4.
I still need CIDR support for IPv6. Many (and soon, the majority) of the clients are going to be IPv6, so most of them will require individual entries (hundreds of them), without CIDR support. From a customer perspective, I think CIDR notation for IPv6 is critical. That is the industry standard way of notating IPv6.
Is there any plan for IPv6 CIDR support in the future? If so, what timeframe?
Thanks for your help.
-Jason
On Jun 28, 2013, at 9:38 AM, Heikki Vatiainen <hvn at open.com.au> wrote:
> On 06/28/2013 03:17 PM, Mueller, Jason C wrote:
>
>> I am still using ipv6:::, since I have not yet convinced system administrators to change the bindv6only attribute to 1.
>>
>> The example above (which a couple of others also suggested) works for a single address (i.e., ipv6:::ffff:128.255.90.90). However, it does not look like you support CIDR notation for IPv6, which you do support for IPv4. I need the support of CIDR notation to avoid putting in many hundreds of client entries.
>
> That's correct. The current CIDR notation is for IPv4 only.
>
> I took an initial look at setting IPV6_V6ONLY for the listen socket
> so that the option could be set or unset no matter what the system
> default is. This would require a setsockopt() call, but it seems that
> the availability of IPV6_V6ONLY is not guaranteed with older Perls.
>
> For example, I needed to use this in ServerRADIUS.pm:
> setsockopt($s, Socket::IPPROTO_IPV6, 26, 1);
>
> on Perl 5.14.2 and Ubuntu 12.04. This works, but I'd rather use a name
> than bare 26 for IPV6_V6ONLY. Though I did not investigate this more at
> this point.
>
>> Any help is appreciated.
>
> Turning off the system default would be the easiest. Adding a setsockopt
> locally could fix it quickly too, but would mean there's the local
> maintenance overhead with it.
>
> CIDR support for IPv6 would require much more work. Adding the
> possibility for setsockopt in Radiator should be doable after some
> consideration of how to handle it with the systems that do not support it
> or do not provide the option name.
>
> Thanks,
> Heikki
>
>
> --
> Heikki Vatiainen <hvn at open.com.au>
>
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
> TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
> DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
> NetWare etc.
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator
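
The thread turns on two matching problems: IPv4 clients arriving on a dual-stack `ipv6:::` socket appear as `::ffff:a.b.c.d`, and IPv6 clients need prefix (CIDR) matching. The following is an added illustration in Python of that matching logic; it is not Radiator code and not from either poster, and the client names and prefixes are constructed (only 128.255.90.90 appears in the thread).

```python
import ipaddress

# Constructed client table: documentation IPv6 prefixes and an assumed /16
# around the 128.255.90.90 address quoted in the thread.
CLIENTS = {
    "128.255.0.0/16": "campus-v4",
    "2001:db8:100::/48": "campus-v6",
    "2001:db8:100:20::/64": "datacenter-v6",
}

def build_table(clients):
    """Parse CIDR strings once; strict=True rejects entries with host bits set."""
    table = [(ipaddress.ip_network(cidr, strict=True), name)
             for cidr, name in clients.items()]
    # Longest prefix first so the most specific entry wins.
    table.sort(key=lambda entry: entry[0].prefixlen, reverse=True)
    return table

def normalize_peer(addr):
    """Return the peer as an address object, unwrapping ::ffff:a.b.c.d.

    A dual-stack socket (bindv6only=0) reports IPv4 peers in this mapped form,
    which is why a plain IPv4 client entry fails to match them.
    """
    ip = ipaddress.ip_address(addr.split("%", 1)[0])  # drop any zone id
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip

def match_client(addr, table):
    """Return the name of the most specific matching client, or None."""
    try:
        ip = normalize_peer(addr)
    except ValueError:
        return None  # unparsable source address: treat as an unknown client
    for net, name in table:
        # Compare only within the same address family.
        if ip.version == net.version and ip in net:
            return name
    return None

TABLE = build_table(CLIENTS)
```

Returning `None` for anything that does not fall inside a configured prefix keeps the default behaviour "unknown client, drop the request", which is what a RADIUS server should do for unlisted sources.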