From 21b2541d98b02602dc2301e57c2ca7efddbc6cff Mon Sep 17 00:00:00 2001
From: Christian Breunig <christian@breunig.cc>
Date: Fri, 10 Jan 2025 21:02:59 +0100
Subject: radius: T7039: fix broken IPv6 source address
When configuring RADIUS to use IPv6 as connection to the server with an
optional source-address
set system login radius server 2001:db8::4 key '9LMVCtPYpG'
set system login radius source-address '2001:db8::1'
It will error out:
pam_radius_auth(sshd:auth): Failed looking up source IP address [2001:db8::1]
for server [2001:db8::4]:1812 (error=System error)
The source address is not allowed to be in [] - thus the brackets need to be
removed.
---
data/templates/login/pam_radius_auth.conf.j2 | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'data/templates/login')
diff --git a/data/templates/login/pam_radius_auth.conf.j2 b/data/templates/login/pam_radius_auth.conf.j2
index 75437ca71..f9b8d5e87 100644
--- a/data/templates/login/pam_radius_auth.conf.j2
+++ b/data/templates/login/pam_radius_auth.conf.j2
@@ -9,7 +9,7 @@
{% if address | is_ipv4 %}
{% set source_address.ipv4 = address %}
{% elif address | is_ipv6 %}
-{% set source_address.ipv6 = "[" + address + "]" %}
+{% set source_address.ipv6 = address %}
{% endif %}
{% endfor %}
{% endif %}
@@ -21,7 +21,7 @@
{% if server | is_ipv4 %}
{{ server }}:{{ options.port }} {{ "%-25s" | format(options.key) }} {{ "%-10s" | format(options.timeout) }} {{ source_address.ipv4 if source_address.ipv4 is vyos_defined }}
{% else %}
-[{{ server }}]:{{ options.port }} {{ "%-25s" | format(options.key) }} {{ "%-10s" | format(options.timeout) }} {{ source_address.ipv6 if source_address.ipv6 is vyos_defined }}
+{{ server | bracketize_ipv6 }}:{{ options.port }} {{ "%-25s" | format(options.key) }} {{ "%-10s" | format(options.timeout) }} {{ source_address.ipv6 if source_address.ipv6 is vyos_defined }}
{% endif %}
{% endfor %}
{% endif %}
--
cgit v1.2.3