Failure authenticate using IPv6
Michael Sherman
michael.sherman at exfo.com
Wed May 22 22:47:15 CEST 2013
Hi All,
I'm testing freeradius server version 2.2.0. It worked fine using IPv4.
When I switched to IPv6, I got the following error:
Ignoring request to authentication address :: port 1812 from unknown
client fe80::215:17ff:fed0:d278 port 41189
Here is the entry from the clients.conf:
client goya {
    ipv6addr = fe80::215:17ff:fed0:d278
    # netmask = 128
    secret = test
    shortname = test-net
}
Radtest command used with output:
radtest -6 test test fe80::21b:78ff:fe40:1de1 0 test
Sending Access-Request of id 143 to fe80::21b:78ff:fe40:1de1 port 1812
User-Name = "test"
User-Password = "test"
NAS-IPv6-Address = ::1
NAS-Port = 0
Message-Authenticator = 0x00000000000000000000000000000000
Tcpdump on server:
[root at jackass ~]# tcpdump -i eth0 host fe80::21b:78ff:fe40:1de1
tcpdump: verbose output suppressed, use -v or -vv for full protocol
decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
16:40:27.693362 fe80::21b:78ff:fe40:1de1 > fe80::215:17ff:fed0:d278:
icmp6: neighbor adv: tgt is fe80::21b:78ff:fe40:1de1
16:40:27.693704 fe80::215:17ff:fed0:d278.48743 >
fe80::21b:78ff:fe40:1de1.radius: RADIUS, Access Request (1), id: 0x20
length: 86
16:40:32.692677 fe80::21b:78ff:fe40:1de1 > fe80::215:17ff:fed0:d278:
icmp6: neighbor sol: who has fe80::215:17ff:fed0:d278
16:40:32.694009 fe80::215:17ff:fed0:d278 > fe80::21b:78ff:fe40:1de1:
icmp6: neighbor adv: tgt is fe80::215:17ff:fed0:d278
16:40:32.697159 fe80::215:17ff:fed0:d278.48743 >
fe80::21b:78ff:fe40:1de1.radius: RADIUS, Access Request (1), id: 0x20
length: 86
16:40:37.702304 fe80::215:17ff:fed0:d278.48743 >
fe80::21b:78ff:fe40:1de1.radius: RADIUS, Access Request (1), id: 0x20
length: 86
Ifconfig on server:
[root at jackass ~]# ifconfig eth0
eth0 Link encap:Ethernet HWaddr 00:1B:78:40:1D:E1
inet addr:10.10.20.208 Bcast:10.10.20.255 Mask:255.255.255.0
inet6 addr: fe80::21b:78ff:fe40:1de1/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:11032790 errors:0 dropped:0 overruns:0 frame:0
TX packets:282990 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2421527725 (2.2 GiB) TX bytes:116875391 (111.4 MiB)
Interrupt:209
Here are the related logs from radius -X:
radiusd: #### Loading Clients ####
client 127.0.0.1 {
require_message_authenticator = no
secret = "testing123"
shortname = "localhost"
nastype = "other"
}
client 10.10.0.0/16 {
require_message_authenticator = no
secret = "test"
shortname = "test-net"
}
client goya {
ipv6addr = fe80::215:17ff:fed0:d278 IPv6 address
[fe80::215:17ff:fed0:d278]
require_message_authenticator = no
secret = "test"
shortname = "test-net"
}
...
radiusd: #### Opening IP addresses and Ports ####
listen {
type = "auth"
ipv6addr = :: IPv6 address [::]
port = 0
}
listen {
type = "acct"
ipv6addr = :: IPv6 address [::]
port = 0
}
listen {
type = "control"
listen {
socket = "/usr/local/var/run/radiusd/radiusd.sock"
}
}
listen {
type = "auth"
ipaddr = 127.0.0.1
port = 18120
}
... adding new socket proxy address * port 53193
Listening on authentication address :: port 1812
Listening on accounting address :: port 1813
Listening on command file /usr/local/var/run/radiusd/radiusd.sock
Listening on authentication address 127.0.0.1 port 18120 as server
inner-tunnel
Listening on proxy address :: port 1814
Ready to process requests.
Ignoring request to authentication address :: port 1812 from unknown
client fe80::215:17ff:fed0:d278 port 43140
Ready to process requests.
Ignoring request to authentication address :: port 1812 from unknown
client fe80::215:17ff:fed0:d278 port 43140
Ready to process requests.
Ignoring request to authentication address :: port 1812 from unknown
client fe80::215:17ff:fed0:d278 port 43140
Thanks in advance,
Mike