freeradius and dynamic ip allocation

Company 2210 company2210 at
Wed May 28 19:19:09 BST 2003

Another excellent (and platform independant  - runs on perl) radius server
is Open Systems Radiator. We use it for wireless client authentication and
it is superb, worth grabbing the evaluation version for a peek.

One quick question, while I'm here ;), how can you get ipfw to read from a
ruleset in a file? so you don't have to type the rules in again every time
you reboot?



----- Original Message -----
From: "Paul Robinson" <paul at>
To: "Robin Garbutt" <robing at>
Cc: <freebsd-users at>
Sent: Wednesday, May 28, 2003 5:28 PM
Subject: Re: freeradius and dynamic ip allocation

> On Wed, May 28, 2003 at 12:13:59PM +0100, Robin Garbutt wrote:
> > does anyone know how to configure freeradius so that it dynamically
asigns ip addresses from a pool as opposed to allocating a static ip
> Firstly, freeradius isn't very good. Personally, I'd reccomend XTradius as
> it just gives you a lot more flexibility. but, you probably have it for a
> reason, so...
> > my users in the users file look like the following at present:-
> >
> > robing Auth-Type := Local, User-Password == "password"
> >        Service-Type = Framed-User,
> >        Framed-Protocol = PPP,
> >        Framed-IP-Address =,
> >        Framed-IP-Netmask =,
> >        Framed-Routing = Broadcast-Listen,
> >        Framed-Filter-Id = "std.ppp",
> >        Framed-MTU = 1500,
> >        Framed-Compression = Van-Jacobsen-TCP-IP
> Not being funny, but that's horrible. What NAS/RAS kit are you using with
> that?
> If your RAS is configured with a pool of IPs it can dole out, the magic
> to edit is:
> Framed-IP-Address -
> In fact, I would strongly urge you to read:
> Simply because it might help you clean up your config file a bit.
> If you don't want the RAS to assign it (or you're using kit that can't
> pool), but you want to assign it at the radius server first check you're
> never going to have more than one NAS, or if you do, you can handle
> IPs being moved across from one box to another. Otherwise, I'd recommend
> moving over to something with more intelligence built-in, like XtRaius
> allows you to craft the packets you send back with any program of your
> choice - so you could write a Perl script that takes an IP out of a pool
> store in MySQL or something and throws that back. Gives more flexibility
> It's been a few years since I was last doing RADIUS and on an IETF WG for
> this stuff, but I hope this helps...
> --
> Paul Robinson
> ------ FreeBSD UK Users' Group  -  Mailing List ------

More information about the Ukfreebsd mailing list