Hi,
On 6. Nov 2017, at 09:07, Arunashis Ghose <arun(a)glidebit.com> wrote:
> Hi,
> We have a setup where the radius server changes its IP address (maintaining the same
> DNS name) every night, because a new radius server instance is created and the old one is
> shut down.
> As that happens, it seems radsecproxy fails to reconnect to the new one and keeps trying
> to connect to the old IP address. It doesn't try to resolve the server host name again
> before trying to reconnect.
> Are there any configuration settings which can enable this feature in radsecproxy?
No.
But there is a workaround. Since DNS is not really secure, you might use this feature:
server xyz {
    host 10.0.0.0/8
    ...
}
If your server does not change the AS.
And if you don't use TLS it is still vulnerable to IP spoofing.
> If not, I feel this feature should be implemented. After a few failed attempts, it should
> resolve server host name before connecting again.
> --
> Cheers
> Arun
> _______________________________________________
> radsecproxy mailing list
> radsecproxy(a)lists.nordu.net
> https://lists.nordu.net/listinfo/radsecproxy
Best regards
Ralf Paffrath
--
Verein zur Förderung eines Deutschen Forschungsnetzes e.V.
Alexanderplatz 1, D - 10178 Berlin
eduroam consulting:
Tel.: 030 88 42 99 91 21
eduroam technical support:
Tel.: 030 88 42 99 91 20
email: eduroam@dfn.de
Fax: 030 88 42 99 370
http://www.dfn.de
Executive Board: Prof. Dr. Hans-Joachim Bungartz (Chair), Dr. Ulrike Gutheil, Dr. Rainer Bockholt
Management: Dr. Christian Grimm, Jochem Pattloch
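
The behaviour requested in the thread above (resolve the server host name again after a few failed connection attempts), sketched as an added example; it is not radsecproxy code and not from either poster. The class and function names, the host name, the 192.0.2.x addresses and the threshold of 3 are assumptions, and because DNS answers are unauthenticated, the re-resolved peer still has to be authenticated by TLS.

```python
import socket

def dns_resolve(hostname, port):
    # First address returned by the system resolver.
    return socket.getaddrinfo(hostname, port, type=socket.SOCK_STREAM)[0][4][0]

def tcp_connect(address, port):
    return socket.create_connection((address, port), timeout=5)

class ReResolvingConnector:
    """Caches the resolved address; re-resolves the name after
    max_failures consecutive failed attempts (hypothetical helper)."""

    def __init__(self, hostname, port, max_failures=3,
                 resolve=dns_resolve, connect=tcp_connect):
        self.hostname, self.port = hostname, port
        self.max_failures = max_failures
        self.resolve, self.connect = resolve, connect
        self.address, self.failures, self.resolutions = None, 0, 0

    def attempt(self):
        """One connection attempt; returns the connection or None."""
        try:
            if self.address is None or self.failures >= self.max_failures:
                self.address = self.resolve(self.hostname, self.port)
                self.resolutions += 1
                self.failures = 0
            conn = self.connect(self.address, self.port)
        except OSError:  # covers refused/timed-out connects and DNS errors
            self.failures += 1
            return None
        self.failures = 0
        return conn

def simulate_server_move():
    """Constructed scenario: the name moves from 192.0.2.10 to 192.0.2.20."""
    dns, live, tried = {"radius.example.org": "192.0.2.10"}, {"192.0.2.10"}, []

    def connect(addr, port):
        tried.append(addr)
        if addr not in live:
            raise ConnectionRefusedError(addr)
        return addr  # stand-in for a connected socket

    c = ReResolvingConnector("radius.example.org", 2083,
                             resolve=lambda h, p: dns[h], connect=connect)
    c.attempt()                                # caches the old address
    dns["radius.example.org"] = "192.0.2.20"   # nightly replacement
    live.clear(); live.add("192.0.2.20")
    while c.attempt() is None:                 # retry until connected
        pass
    return tried, c.resolutions
```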