Privacyidea with a public IP

Hi guys

We have set up PrivacyIDEA in the cloud to serve all our sites. I need deferent devices in each site (firewall, VPN, switches) to authenticate over the internet. All the sites are behind NAT. for example

Site A with the public IP

  • Firewall/VPN
  • Switch.1
  • Switch.2

My PrivacyIDEA with radius public IP is

How do I configure PrivacyIDEA with “Override Authorization Client” to be able to see the equipment private IP and not I’ve tried just the site public IP and> But nothing is working. I’m assuming my formatting of “Override Authorization Client” is incorrect or do I need to tick a box somewhere else as well?

This is so I can create one policy for the switches and one for the VPN.


Please read this again:

It should be obvious, which IP address you need to enter there.
There are even examples.

Thanks a lot.

Thanks, but I have already. Obviously I’m doing something wrong. My radius client is behind a firewall/NAT and I’m not sure if “Override Authorization Client” needs to have the public IP or the private IP of the radius client.

Is it not clear, that it is the IP address seen by the privacyIDEA server?

I thought you could pass through the private IP of the radius client. In my situation, I’ll have several radius clients behind one public IP. I was hopping I can create deferent sets of policies based on private IPs.

This is ment to be used to pass the RADIUS client IP. But: You need to configure the right IP address to allow the override.