Hi,
On 6. Nov 2017, at 09:07, Arunashis Ghose arun@glidebit.com wrote:
> Hi,
> We have a setup where the radius server changes its IP address (maintaining the same DNS name) every night, because a new radius server instance is created and the old one is shut down.
> As that happens, it seems radsecproxy fails to reconnect to the new one and keeps trying to connect to the old IP address. It doesn't try to resolve the server host name again before trying to reconnect.
> Are there any configuration settings which can enable this feature in radsecproxy?

No.
But there is a workaround. Since DNS is not really secure, you might use this feature:

    server xyz {
        host 10.0.0.0/8
        ...
    }

If your server does not change the AS.
And if you don't use TLS it is still vulnerable to IP spoofing.

> If not, I feel this feature should be implemented. After a few failed attempts, it should resolve server host name before connecting again.
> --
> Cheers
> Arun
> radsecproxy mailing list
> radsecproxy@lists.nordu.net
> https://lists.nordu.net/listinfo/radsecproxy

Best regards
Ralf Paffrath
--
Verein zur Förderung eines Deutschen Forschungsnetzes e.V.
Alexanderplatz 1, D - 10178 Berlin
eduroam consulting: Tel.: 030 88 42 99 91 21
eduroam technical support: Tel.: 030 88 42 99 91 20
email: eduroam@dfn.de
Fax: 030 88 42 99 370
http://www.dfn.de
Board: Prof. Dr. Hans-Joachim Bungartz (Chairman), Dr. Ulrike Gutheil, Dr. Rainer Bockholt
Management: Dr. Christian Grimm, Jochem Pattloch