
Specify RADIUS source ip


RADIUS servers could be hardened by only allowing certain IP addresses to connect. As of now, the RADIUS client used e.g. for L2TP VPN auth will bind to address *. Incoming connections to the FreeRADIUS server will use the nearest interface IP address pointing to the RADIUS server, making it error-prone on OSPF networks when a link fails.

Instead of allowing all IPs from a router to connect to the RADIUS server, we should implement support for a source-ip node.

Freeradius-client used in VyOS 1.2 supports binding to an IP address:

# local address from which radius packets have to be sent
bindaddr *

Cisco uses something similar in IOS:

radius ?
  source-interface  Specify interface for source address in RADIUS packets
ip radius source-interface loopback0


Difficulty level
Unknown (require assessment)
Why the issue appeared?
Will be filled on close
c-po created this task. Sep 4 2018, 5:49 AM
syncer triaged this task as Normal priority. Tue, Sep 25, 2:07 PM
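
The effect of binding the RADIUS client to a fixed source address, as an added example that is not part of the original task or of VyOS: a UDP client bound to the wildcard (`bindaddr *`) presents whatever source address the kernel's route lookup picks, while a bound client always presents the address the server allow-lists. The 127.0.0.x addresses, the allow-list and the function names are constructed for illustration and assume Linux loopback behaviour, where all of 127.0.0.0/8 is local.

```python
import socket

# Constructed addresses: 127.0.0.2 stands in for the router's stable
# loopback address, 127.0.0.1 for the RADIUS server.
SERVER_IP = "127.0.0.1"
ROUTER_LOOPBACK = "127.0.0.2"
ALLOWED_CLIENTS = {ROUTER_LOOPBACK}  # hypothetical server-side allow-list


def observed_source(bind_addr):
    """Send one datagram from a client bound to bind_addr and return the
    source IP the server sees. An empty bind_addr is the wildcard bind."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as server, \
         socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as client:
        server.bind((SERVER_IP, 0))      # ephemeral port stands in for 1812
        server.settimeout(2.0)
        client.bind((bind_addr, 0))      # "" leaves the source to the kernel
        client.sendto(b"constructed-access-request", server.getsockname())
        _, (src_ip, _port) = server.recvfrom(4096)
        return src_ip


def server_accepts(src_ip):
    """Allow-list check the hardened server would apply to each packet."""
    return src_ip in ALLOWED_CLIENTS


if __name__ == "__main__":
    for label, addr in (("wildcard", ""), ("bound", ROUTER_LOOPBACK)):
        src = observed_source(addr)
        print(f"{label:8s} source={src} accepted={server_accepts(src)}")
```

With the wildcard bind the source follows the outgoing route, so a link failure that changes the route changes the address the server has to allow.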