CoA/DM over RADSEC - FreeRadius server ignores the CoA/DM request as Invalid when receives over TLS

saurabha badhai saurabha.badhai at gmail.com
Tue Apr 7 15:48:11 CEST 2020


Thanks Alan for quick response.and pushed the fix. !!!

-/Saurabha Kumar Badhai

On Tue, Apr 7, 2020 at 6:45 PM Alan DeKok <aland at deployingradius.com> wrote:

> On Apr 7, 2020, at 8:15 AM, saurabha badhai <saurabha.badhai at gmail.com>
> wrote:
> > I am a freeradius use for long time since 2.1.12 releases.
>
>   Thanks!
>
> > Recently I upgraded to v3.0.16 and testing the CoA/DM over radsec part.
> > Already I tested the auhtntication and accounting over RADSEC and it
> works
> > fine
> >
> > But for CoA/DM over RADSEC, I see some enhancement is required in
> > freeradius server.
> >
> > *[Description]*
> > On receiving the CoA/DM request from one freeradius server over TLS, I
> see
> > freeradius server is discarding it with the below error.
> >
> > *Error: Invalid packet code 45 sent to a proxy port from home server
> > 10.174.75.66 port 2084 - ID 154 : IGNORED*
>
>    That is a CoA NAK.  Yes, it should allow CoA / DM over TLS.
>
> > When I see the code where the error happens, I found like in
> > */src/main/tls_listen.c* under function *dual_tls_recv *we may required
> to
> > include below two cases to solve this.
>
>   That's for receiving CoA packets over TLS.  Yes, that should be allowed,
> too.
>
> > After I added this above lines in the same place, CoA/DM works fine.
> > My asking is to help to review this changes and check if we can we
> include
> > this changes in newer release.
>
>   I've pushed some patches.  That should help.
>
>   Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/devel.html


More information about the Freeradius-Devel mailing list