NAS IP address under NAT
yick.xie at gmail.com
Thu Nov 12 13:21:46 PST 2015
I found a little issue, hope you don't mind of having a look at it.
The ocserv seems to packet the "NAS IP address" which is used by
freeradiusclient to send messages. Recently I deployed a cloud VM
which is placed behind a firewall to separate the internal network
from public Internet. The VM is assigned with a group of private IP
addresses (e.g. 10.15.0.0/22), and at the same time with a dedicated
public IP address (e.g. 210.*.*.37) or even more, while the firewall
need to be set manually to forward. Therefore what we can see from the
radius server is just certain private IP address.
My concern is whether it is possible to set "NAS IP address" in the
config file as "NAS identifier".
Due to the consideration of security and probable conflict of private
addresses, I suppose a flexible setting would be a better idea. How do
you think about it?
More information about the openconnect-devel