I’m traying to use the MT Radius client & the FreeRadius Server for my customers accounting.
The problem is that the MT it’s below a NAT System so the real address that arrive to the Radius Server is different from the NAS-IP-Address attribute sent from MT.
I know that some NAS (ex. CISCO) permits to change the NAS-IP-Address attribute before to send the request. It’s possible make something similar with MT?
Or in alternative, anyone knows a way to change the attribute from the Raidius Server before the authentication?
This is not an issue. You will either have to SRCNAT your MT behind the NAT, that way it has its own public IP, or put in your PAT IP that your MTs are coming from. You can have 100 MTs behind a NAT, and just list one IP, however, they all have to have the same secret.
use pptp tunnel from border gw (where you use src-nat) to radius server, and you don’t src-nat to the tunnel. I use this with mt → debian and it works fine.
(interesting: debian is the pptp server and mt is the client, because i can’t do for working reversal.) In radius don’t remember to route inner ip addresses to the pptp tunnel.