3.6. IPv6 support

Radiator supports IPv6 transport for RADIUS over UDP, RadSec (RFC 6614), DIAMETER, and TACACS+. This means that Radiator can send, receive, and proxy requests over IPv6.
Note
Older Perl versions require Socket6.pm for IPv6 support. If Radiator cannot find working IPv6 support during the startup, it logs an INFO level message. If there is no working IPv6 support, RADIUS attributes with IPv6 types are available as binary values, and IPv6 sockets are not supported.
Note
Radiator 4.13 does not require ipv6:-prefix for IPv6 addresses anymore. It is still allowed but should be avoided in new configurations. This prefix can be used to request IPv6 address resolution for names. By default, the names are currently resolved to IPv4 addresses only.
Various modules describe their IPv6 support in more detail. For example, <AuthBy LDAP2> can connect to LDAP servers over IPv6 with detailed IPv6 information. For more information, see Section 3.47. <AuthBy LDAP2>. Another example is the Resolver clause for <AuthBy DNSROAM>, which can query DNS servers over IPv6 and optionally fetch IPv6 records if configured to do so.
For more information about SNMP support for IPv6, see Section 3.29. <SNMPAgent>.
Supported RADIUS specific IPv6 RFCs include:
Many protocols, such as DIAMETER, do not require specifically IPv4 or IPv6. Radiator supports these protocols over both IP versions as long as the underlying operating system and Perl modules offer support for the both protocols.

3.6.1. IPv6 Clients

IPv6 Client clauses support single IPv6 addresses and IPv6 CIDR notation. When IPv6 CIDR client clauses are used, you may want to consider installing Math::BigInt::GMP or Math::BigInt::Pari Perl modules for more efficient IPv6 network mask calculation.

3.6.2. IPv6 wildcard listen address

If you are using recent Perl or Socket.pm you can configure separate IPv4 and IPv6 wildcard listen sockets by specifying both IPv6 and IPv4 wildcard addresses and turning on IPV6_V6ONLY socket option:
BindAddress ::,0.0.0.0
BindV6Only
For more information about this parameter, see Section 3.7.10. BindV6Only.
Note
There are differences between operating systems. For example, on Linux IPV6_V6ONLY is off by default. When it is off, the following will BindAddress parameter not work as expected. The bind to IPv6 wildcard address is done first and this does not allow binding to IPv4 wildcard address afterwards:
BindAddress ::, 0.0.0.0
If IPV6_V6ONLY is set to 1, the IPv6 bind will not affect the IPv4 bind and the example BindAddress will work as expected. On OS X 10.9 it is possible to bind to IPv4 wildcard address first followed by IPv6 wildcard address. On Windows IPV6_V6ONLY behaviour is the default.
Note
Linux has a sysctl kernel parameter net.ipv6.bindv6only and special file to control the system wide behaviour: /proc/sys/net/ipv6/bindv6only.

3.6.3. IPv4-mapped IPv6 address

When IPv4 packets are received by a system that uses IPv6 wildcard listen sockets, the client addresses may show as IPv4-mapped IPv6 addresses. See Section 3.7.10. BindV6Only for more info about this feature and how to control IPv4 mapped IPv6 addresses.
Tip
Configuring the operating system or Radiator to not use IPv4-mapped IPv6 addresses allows you to keep IPv4 and IPv6 clearly separate.