diff --git a/Python/etc/freeradius/clients.conf b/Python/etc/freeradius/clients.conf
index 99cbb3a..dde252f 100644
--- a/Python/etc/freeradius/clients.conf
+++ b/Python/etc/freeradius/clients.conf
@@ -6,34 +6,44 @@ info["owner"] = "root"
 info["group"] = "adm"
 info["perms"] = 0640
 
+def netmask(**kw):
+    kw['ipaddr'] = 'ipaddr'
+    if ':' in kw['net']:
+        kw['ipaddr'] = 'ipv6addr'
+    print """
+# %(comment)s
+client netmask {
+   \x20%(ipaddr)s = %(net)s
+    netmask = %(slash)d
+    secret = %(secret)s
+    shortname = %(shortname)s
+    nastype = other
+}
+""" % kw
+
 # TODO: dehardcoder les IPs
-print """
-# Les switchs
-client netmask {
-    ipaddr = 10.231.136.0
-    netmask = 24
-    secret = %(wired_secret)s
-    shortname = switchs
-}
+netmask(
+    net='10.231.136.0',
+    slash=24,
+    comment='Les switchs',
+    secret=secrets.radius_key,
+    shortname='switchs')
+netmask(
+    net='fda8:5d34:a228:c04::',
+    slash=64,
+    comment='Les bornes, en ipv6',
+    secret=secrets.radius_eap_key,
+    shortname='wifi')
+netmask(
+    net='2a01:240:fe3d:c04::',
+    slash=64,
+    comment='Les bornes, en ipv6 (kludge)',
+    secret=secrets.radius_eap_key,
+    shortname='wifi')
+netmask(
+    net='0::',
+    slash=0,
+    comment='Les bornes, en ipv6 (kludge bis)',
+    secret=secrets.radius_eap_key,
+    shortname='wifi')
 
-# Les bornes wifi
-client netmask {
-    ipaddr = 138.231.148.0
-    netmask = 24
-    secret = %(wifi_secret)s
-    shortname = wifi
-    nastype = other
-}
-
-# Les bornes wifi (en ipv6)
-client netmask {
-    ipv6addr = fda8:5d34:a228:c04::
-    netmask = 64
-    secret = %(wifi_secret)s
-    shortname = wifi
-    nastype = other
-}
-""" % {
-  'wired_secret': secrets.radius_key,
-  'wifi_secret': secrets.radius_eap_key,
-}