NAS IP address under NAT
Nikos Mavrogiannopoulos
n.mavrogiannopoulos at gmail.com
Fri Nov 20 14:12:35 PST 2015
On Fri, 2015-11-13 at 05:21 +0800, yick xie wrote:
> Dear developers,
>
> I found a little issue, hope you don't mind of having a look at it.
>
> The ocserv seems to packet the "NAS IP address" which is used by
> freeradiusclient to send messages. Recently I deployed a cloud VM
> which is placed behind a firewall to separate the internal network
> from public Internet. The VM is assigned with a group of private IP
> addresses (e.g. 10.15.0.0/22), and at the same time with a dedicated
> public IP address (e.g. 210.*.*.37) or even more, while the firewall
> need to be set manually to forward. Therefore what we can see from
> the radius server is just certain private IP address.
If that is to be done I think the best place is the radcli library.
That should be pretty easy to do, feel free to submit a pull request
for that. However, the question is where the most appropriate place to
do a rewrite of IPs, in the source which is reporting them or in the
radius which is receiving the IPs.
regards,
Nikos
More information about the openconnect-devel
mailing list