Source address for Authentication (like Radius)
-
Is there a way to set the source address or interface that pfsense uses for Radius calls?
My instance of 2.1-RC0 is defaulting to source from the WAN address and I'd need it to source from the LAN address to make it to my Radius server.
-
Are you using RADIUS from the user manager, or from captive portal, or something else?
I thought one place let you set the source, but it typically will take the closest IP along the route to the server. If it needs to leave VIA the LAN IP, you may need a static route to nudge it the right way, sort of like what is described here: http://doc.pfsense.org/index.php/Why_can%27t_I_query_SNMP,_use_syslog,_NTP,_or_other_services_initiated_by_the_firewall_itself_over_IPsec_VPN%3F
-
In my experience, you should use IP and not FQDN for the RADIUS server.
-
In my experience, you should use IP and not FQDN for the RADIUS server.
That can definitely help if it's internal, for RADIUS (LDAP depends on the settings in use, FQDN is needed for SSL in most cases).
If you're using an FQDN you can check the DNS result seen by the firewall under Diag > DNS. It could be getting an external IP there rather than internal if you have a split DNS setup.