FR 3.0.13 - fail-over in proxy with radsec doesn't work
Fikais Ladislav
fikais at cuni.cz
Tue May 23 18:04:53 CEST 2017
Hello,
I'm trying to set up a new FR 3.0.13 server as a proxy with radsec. I'm using two "main" radius servers (cuni-tls1, cuni-tls2 - FRv2 + RadSecProxy) to authenticate users and the new server should act only as a proxy (plus logging and VLAN rewrite) for a remote site. Currently I'm using FRv2 and RadSecProxy for this and it has worked fine (including fail-over) for a few years.
Now if I try to use only FR 3.0.13 with radsec for this proxy, it only works if the first main server (cuni-tls1) is reachable. If not (a DROP rule in the main servers FW), the proxy will not even try the secondary server (verified by tcpdump) and I get a timeout.
Attached debug files:
- 1-ok.txt - first main server is reachable - OK
- 2-unr-r1.txt - first main server is NOT reachable - timeout even if I repeat the auth request
I'm not sure if I'm making any kind of config mistake or it's a bug. Could you please help me?
Thanks,
Lada
---
Ladislav Fikais
Charles University Computer Centre
Petrská 3, Praha 1
110 00, Czech Republic
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: 2-unr-r1.txt
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20170523/599de12b/attachment-0002.txt>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: 1-ok.txt
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20170523/599de12b/attachment-0003.txt>