Page MenuHomeVyOS Platform

Specify RADIUS source ip for PPP and L2TP connections
Closed, ResolvedPublicFEATURE REQUEST


RADIUS servers could be hardened by only allowing certain IP addresses to connect. As of now the radius client used e.g. for L2TP VPN auth will bind to address *. Incoming connections to the freeradius server will use the nearest interface IP address pointing to the radius server - making it error prone on OSPF networks when a link fails.

Instead of allowing all IPs from a router to connect to the RADIUS server, we should implement support for a source-ip node.

Freeradius-client used in VyOS 1.2 supports binding to an IP address:

# local address from which radius packets have to be sent
bindaddr *

Cisco uses something similar in IOS: radius ?
  source-interface  Specify interface for source address in RADIUS packets ip radius source-interface loopback0


Difficulty level
Easy (less than an hour)
Why the issue appeared?
Will be filled on close

Event Timeline

syncer triaged this task as Normal priority.Sep 25 2018, 2:07 PM
c-po claimed this task.
c-po changed Difficulty level from Unknown (require assessment) to Easy (less than an hour).
c-po renamed this task from Specify RADIUS source ip to Specify RADIUS source ip for PPP and L2TP connections.Apr 18 2019, 3:17 PM