radrelay: cross-replication of accounting records between two redundant freeradius servers

Alan DeKok aland at deployingradius.com
Sat Dec 17 14:47:49 CET 2011


Arch Mangle wrote:
> I've got radrelay replicating accounting packets from a primary radius
> server to a secondary radius server. The secondary radius server is
> capable of handling radius accounting/auth requests if NASes cannot
> reach the primary or the primary fails.
...
> However, when I test sending accounting packets to the secondary, the
> two systems go into some kind of circular loop, neither being smart
> enough to recognise a replicated auth packet when it sees one :-)

  You're replicating authentication packets?

  In any case... loops are simple to avoid.  You don't proxy ALL packets
back & forth.  You only proxy the ones that came from real clients.  You
DON'T proxy ones which came from the other server.

> My question is, how would I configure two-way replication in a scenario
> like this, without the loops?

  I'm presuming you're writing the accounting packets to the detail
file, and then using radrelay to read that, and send them to the other
server.

  When you write to the detail file, make it conditional, on the IP
address of the source of the packet:


	if (Packet-Src-IP-Address != 1.2.3.4) {
		detail
	}

  Where "1.2.3.4" is the IP of the other server.

  Alan DeKok.
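
An added illustration, not part of the original message: a small Python model of two servers with radrelay running in each direction, comparing unfiltered replication with the source-IP condition from the reply. The addresses, record strings and the `Server` and `run` names are constructed for the example.

```python
from collections import deque

# Constructed addresses (documentation ranges), not from the original post.
PRIMARY, SECONDARY, NAS = "192.0.2.1", "192.0.2.2", "198.51.100.10"

class Server:
    def __init__(self, ip, peer_ip, filter_peer):
        self.ip, self.peer_ip, self.filter_peer = ip, peer_ip, filter_peer
        self.stored = []       # records accounted locally
        self.detail = deque()  # detail file that radrelay reads
        self.peer = None

    def accounting(self, src_ip, record):
        self.stored.append(record)
        # Model of: if (Packet-Src-IP-Address != <peer>) { detail }
        if not (self.filter_peer and src_ip == self.peer_ip):
            self.detail.append(record)

def run(filter_peer, max_relays=20):
    """Relay detail records both ways; stop when drained or at max_relays."""
    a = Server(PRIMARY, SECONDARY, filter_peer)
    b = Server(SECONDARY, PRIMARY, filter_peer)
    a.peer, b.peer = b, a
    a.accounting(NAS, "Start session=1")  # NAS reaches the primary
    b.accounting(NAS, "Start session=2")  # NAS fails over to the secondary
    relays = 0
    while relays < max_relays and (a.detail or b.detail):
        for srv in (a, b):
            if srv.detail and relays < max_relays:
                # radrelay sends the record; the peer sees srv.ip as source
                srv.peer.accounting(srv.ip, srv.detail.popleft())
                relays += 1
    still_looping = bool(a.detail or b.detail)
    return relays, still_looping, sorted(a.stored), sorted(b.stored)

if __name__ == "__main__":
    for flag in (False, True):
        relays, looping, a_rec, b_rec = run(flag)
        print(f"filter={flag}: relays={relays} looping={looping} "
              f"primary={len(a_rec)} secondary={len(b_rec)} records")
```

Without the condition the run only stops at the relay cap and both servers accumulate duplicates; with it, each record is relayed once and both servers end with the same two records.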


