Proxy FreeRADIUS Monitoring from LB F5

Alan DeKok aland at deployingradius.com
Sun Dec 9 21:31:45 CET 2018


On Dec 9, 2018, at 2:17 PM, CALMELS, Thierry (SOGETI REGIONS SAS) <thierry.calmels.external at airbus.com> wrote:
> We have an infrastucture using freeRadius 3 (freeradius-3.0.13-8) on RHEL7.5.
> 
> The infrastructure implements in front a layer “PROXY RADIUS” (not based on proxy.conf usage – thus we are using a custom proxy logic).
> The infrastructure works as expected.
> 
> The architecture is as follow:
> 
> Client NAS --> LB BigIP F5 --> Proxy FreeRADIUS --> LB BigIP F5 --> BackEnd FreeRADIUS

  I'm not sure why you need two F5s, but OK.

> However we want to improve monitoring made by F5 in front of the layer proxy Radius.
> For that, we have configured a Radius profile on the F5, based on username/password declared in the /etc/raddb/users files.
> 
> healthcheckVIP   Auth-Type:=Accept, User-Password=="my_password "
> 
> Unfortunately, this configuration works only if the healthcheckVIP account is declared on the BackEnd FreeRADIUS!

  Only if you configure the proxy to send *all* traffic to the backend.

  If you configure the proxy to reply to the F5 for local users, it should work.  

> The account declared on Proxy is not taken in account.
> I didn’t find any solution/setting to block the radius request at layer proxy when the account is found and credentials confirmed.

  You didn't say how *else* you configured the server.  i.e. how did you configure it to proxy requests?

  You're not using proxy.conf, so what *are* you using?

  Alan DeKok.




More information about the Freeradius-Users mailing list