NAS IP address under NAT

yick xie yick.xie at
Thu Nov 12 13:21:46 PST 2015

Dear developers,

I found a little issue, hope you don't mind of having a look at it.

The ocserv seems to packet the "NAS IP address" which is used by
freeradiusclient  to send messages. Recently I deployed a cloud VM
which is placed behind a firewall to separate the internal network
from public Internet. The VM is assigned  with a group of private IP
addresses (e.g., and at the same time with a dedicated
public IP address (e.g. 210.*.*.37) or even more, while the firewall
need to be set manually to forward. Therefore what we can see from the
radius server is just certain private IP address.

My concern is whether it is possible to set "NAS IP address" in  the
config file as "NAS identifier".
Due to the consideration of security and probable conflict of private
addresses, I suppose a flexible setting would be a better idea. How do
you think about it?


More information about the openconnect-devel mailing list