Preventing proxy loops

Tue Sep 1 11:19:11 CEST 2020

Hello,

We have freeRADIUS proxies dedicated to eduroam, version 3.0.21.

Some of our clients are sending us Access-Request ... with their realm.
We forward them to their home_server (the same as the client) and
they send them back to us again. This sometimes creates loops.

How can we prevent our proxies from these loops ? Knowing that :
- We don't have access to the clients/home server organizations RADIUS
configs.
- We tried a filter in the pre-proxy section :
        if (Realm && ("%{home_server:ipaddr}" == "%{client:ipaddr}")) {
                update request {
                        &Module-Failure-Message += 'Rejected: loop prevent'
                }
                reject
        }
But this rule is too strict for the monitoring requests used by some 
organizations.
- Another way ?

Regards,

Arnaud Lauriou