FR 3.0.13 - fail-over in proxy with radsec doesn't work

Fikais Ladislav fikais at cuni.cz
Tue May 23 18:04:53 CEST 2017


Hello,



  I'm trying to set up a new FR 3.0.13 server as a proxy with radsec. I'm using two "main" radius servers (cuni-tls1, cuni-tls2 - FRv2 + RadSecProxy) to authenticate users, and the new server should act only as a proxy (plus logging and VLAN rewrite) for a remote site. Currently I'm using FRv2 and RadSecProxy for this, and it has worked fine (including fail-over) for a few years.



  Now if I try to use only FR 3.0.13 with radsec for this proxy, it only works if the first main server (cuni-tls1) is reachable. If not (a DROP rule in the main servers' FW), the proxy will not even try the secondary server (verified by tcpdump) and I get a timeout.



Attached debug files:

- 1-ok.txt - first main server is reachable -  OK

- 2-unr-r1.txt - first main server is NOT reachable - timeout even if I repeat the auth request



  I'm not sure if I'm making some kind of config mistake or if it's a bug. Could you please help me?



Thanks,



Lada



---

Ladislav Fikais
Charles University Computer Centre
Petrská 3, Praha 1
110 00, Czech Republic





-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: 2-unr-r1.txt
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20170523/599de12b/attachment-0002.txt>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: 1-ok.txt
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20170523/599de12b/attachment-0003.txt>

