Hi,

On 6. Nov 2017, at 09:07, Arunashis Ghose <arun@glidebit.com> wrote:

> Hi,
>
> We have a setup where the radius server changes its IP address (maintaining the same DNS name) every night, because a new radius server instance is created and the old one is shut down.
>
> As that happens, it seems radsecproxy fails to reconnect to the new one and keeps trying to connect to the old IP address. It doesn't try to resolve the server host name again before trying to reconnect.
>
> Are there any configuration settings which can enable this feature in radsecproxy?

No.

But there is a workaround. Since DNS is not really secure, you might use this feature:

server xyz {
    host 10.0.0.0/8 
...
}

If your server does not change the AS.

And if you don't use TLS, it is still vulnerable to IP spoofing.


> If not, I feel this feature should be implemented. After a few failed attempts, it should resolve server host name before connecting again.
>
> --
> Cheers
> Arun
>
> _______________________________________________
> radsecproxy mailing list
> radsecproxy@lists.nordu.net
> https://lists.nordu.net/listinfo/radsecproxy

Best regards
   Ralf Paffrath
--
Verein zur Förderung eines Deutschen Forschungsnetzes e.V.
Alexanderplatz 1, D - 10178 Berlin

eduroam consulting:
Tel.: 030 88 42 99 91 21
eduroam technical support:
Tel.: 030 88 42 99 91 20

email: eduroam@dfn.de

Fax: 030 88 42 99 370
http://www.dfn.de

Executive Board: Prof. Dr. Hans-Joachim Bungartz (Chairman), Dr. Ulrike Gutheil, Dr. Rainer Bockholt
Management: Dr. Christian Grimm, Jochem Pattloch