Source-IP on server status packets
Alan DeKok
aland at deployingradius.com
Mon Aug 9 16:17:25 CEST 2021
On Aug 9, 2021, at 8:57 AM, Stefan Düring <duering at zib.de> wrote:
>
> We have 2 identical radius servers (FreeRADIUS 3.0.21)
> On the same servers radsecproxies are running. (radsecproxy 1.8.2)
>
> The servers have 2 IP adresses (1 as secondary which should be used for radius and radsecproxy).
>
> After freeradius restart everything works fine.
> Freeradius sends server status packets to the internal radsecproxy and to external radius servers (eduroam)
> with the correct source (secondary ip address).
OK..
> It works for a long time but suddenly one of these freeradius sends the server status packets with
> a wrong source ip (primary) to the internal radsecproxy.
That is usually a routing issue.
i.e. the OS decides what source IP to use for the proxied packets.
> Radsecproxy ignores these packets of course.
>
> We followed the instructions in FAQ ("Is there a way to bind FreeRADIUS to a specific IP address?")
Read proxy.conf, look for "source IP address". This is documented.
> Any ideas how to trace / correct this?
Read the follow the documentation.
> Here are the configuration details:
>
> ### Server Network Config
Not helpful.
> ### site default
> server default {
> listen {
Not helpful.
> type = auth
> ipaddr = 10.173.120.11
> port = 1812
> ...
> }
>
> ### proxy.conf
Not helpful.
> ### RadSecProxy Log
Very much not helpful.
ALL of the documentation says to post the output of "radiusd -X". When you join the list, you get a message which says to read http://wiki.freeradius.org/list-help
Is there some other place we need to put the documentation so that people will read it, and follow the instructions?
Alan DeKok.
More information about the Freeradius-Users
mailing list