Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Centos 7 - Error when ipv6 is enabled #38

Open
ribellusmt opened this issue Nov 17, 2017 · 0 comments
Open

Centos 7 - Error when ipv6 is enabled #38

ribellusmt opened this issue Nov 17, 2017 · 0 comments

Comments

@ribellusmt
Copy link

ribellusmt commented Nov 17, 2017
edited
Loading

Hello,

mod_auth_radius is not working when IPv6 is enabled.

PoC
Interface

enp0s3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.2.15  netmask 255.255.255.0  broadcast 10.0.2.255
        inet6 fe80::a00:27ff:fef0:72b  prefixlen 64  scopeid 0x20<link>
        ether 08:00:27:f0:07:2b  txqueuelen 1000  (Ethernet)
        RX packets 12586  bytes 14295882 (13.6 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 4866  bytes 351827 (343.5 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

A debug was added to the C script

/* RADIUS utility functions */
static struct in_addr *ip_addr_get(apr_pool_t *p,
                                   const char *hostname)
{
        struct hostent *hp;

         char logmess[MAXLEN];
                snprintf(logmess,MAXLEN-1,"HOSTNAME 001: %s",hostname);

                openlog ("debugPOC", LOG_PID, LOG_LOCAL1);
                syslog (LOG_INFO, logmess);
                closelog ();

        if ((hp = gethostbyname(hostname)) != NULL) {
                struct in_addr *ipaddr = apr_pcalloc(p, sizeof(struct in_addr));
                *ipaddr = *(struct in_addr *)hp->h_addr; /* make a local copy */
                return ipaddr;

        }
        return NULL;
}

When you start the httpd server, a first access is done to the fonction:

Nov 17 16:13:37 debug-Centos7-vm debugPOC[10794]: HOSTNAME 001: 192.168.1.100
Nov 17 16:13:37 debug-Centos7-vm systemd: Started The Apache HTTP Server.

After accessing the webpage, enter user / password and clic Connect, the log is:
Nov 17 16:13:53 debug-Centos7-vm debugPOC[10796]: HOSTNAME 001: fe80::a00:27ff:fef0:72b

The remote hostname is not the same that the one in the config file and changed for the IPv6 local of the first interface.

After disabling IPv6, all good:

echo 1 > /proc/sys/net/ipv6/conf/default/disable_ipv6
echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6
Nov 17 16:18:19 main-repo debugPOC[10861]: HOSTNAME 001: 192.168.1.100
Nov 17 16:18:19 main-repo systemd: Started The Apache HTTP Server.
Nov 17 16:18:31 main-repo debugPOC[10863]: HOSTNAME 001: 10.0.2.15

Thanks,
Ribellusmt
@ribellusmt ribellusmt changed the title Centos 7 - Error when ipv6 on main interface Centos 7 - Error when ipv6 is enabled Nov 17, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@ribellusmt